Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations | A Conversation with Kate Esprit and Cat Self from MITRE | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

Guests: Cat Self, Principal Adversary Emulation Engineer, MITRE [@MITREcorp]On Linkedin | https://www.linkedin.com/in/coolestcatiknow/On Twitter | https://twitter.com/coolestcatiknowKate Esprit, Senior Cyber Threat Intelligence Analyst at MITRE [@MITREcorp]On Linkedin | https://www.linkedin.com/in/ka....te-e-2b262695/______ Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/i....tspmagazine-podcast- Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/i....tspmagazine-podcast- Episode’s SponsorsIsland.io | https://itspm.ag/island-io-6b5....ffd_________________ NotesIn this new Chats on the Road to Black Hat USA 2023 on the ITSPmagazine Podcast Network, hosts Sean and Marco are joined by Cat and Kate from MITRE to discuss the world of adversary emulation and its importance in improving cybersecurity. The conversation covers MITRE's role as an industry thought leader and their focus on making the cyber world a safer place. They explain how MITRE ATT&CK, a framework based on observations from blue and red engagements, led to the development of ATT&CK evaluations, which aim to raise the standard of the industry and provide transparency. The hosts and guests emphasize the need for transparency in adversary emulation and how MITRE releases their methodology, results, and code to make the practice more accessible.The group also discusses the challenges faced in aligning emulation plans with the diverse and unique solutions deployed by different vendors and the importance of maintaining the integrity of what the adversaries would actually do. The conversation also touches on the differences between adversary emulation and simulation. While emulation replicates the actions and techniques of specific adversaries, simulation allows for more flexibility and blends different components of multiple adversaries.The hosts and guests also explore the power and responsibility that comes with conducting adversary emulation, drawing parallels to superheroes like Batman and Spider-Man.About the session — Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK EvaluationsBatman once said, "you either die a hero or live long enough to see yourself become the villain." What if there was a way to become a cyber villain for the greater good? For the last 5 years, the MITRE ATT&CK Evaluations team has been improving the industry by "becoming the villain." We study some of the world's most advanced threat actors, develop a scenario, build malware and tools, then execute the operations against major EDR vendors. And the best part? Not only do we get the business justification