Providing impact and insights on a red team engagement is crucial to improving the security posture of the target organization. Too often red teams have to comb through log files, pcaps or other disjointed artifacts to tell the whole story making it difficult especially on long-term engagements. The Red Mirror project is the mirror to the blue team’s SIEM; it’s an ELK-based system that captures operator actions, network traffic including C2 and MITRE ATT&CK tactics. By capturing this extensive amount of data, red teams can now easily query, visualize, and report on their actions. The gathered data has the added benefit of enabling red teams to perform infrastructure and operational security monitoring.

Zach has worked in offensive security for the last eight years focusing on securing financial institutions by breaking into them. He is currently the red team lead for a Fortune 100. Zach is the creator of the open source security projects changeme and Sticky Keys Hunter, and has contributed to several others including Metasploit, Empire and Recon-ng.

@ztgrace

Back to Derbycon 2018 video list