James Fitts, Chris Fennel (Walmart)

Red Team campaigns simulate real adversaries and provide real value to the organization by exposing vulnerable infrastructure and processes that need to be improved. The challenge is that as organizations scale in size, time between campaign retesting increases. This can lead to gaps in ensuring coverage and finding emerging issues. Automation and simulation of adversarial attacks can be created to address the scale problem. Collecting libraries of Tactics, Techniques and Procedures (TTPs) and testing them via adversarial emulation software. Unfortunately, automation lacks feedback and cannot analyze the data in real time with each test.

To address this problem, we introduce RAMPART (Repeated And Measured Post Access Red Teaming). RAMPART campaigns are very quick campaigns (1 day) meant to bridge the gap between the automation of Red Team simulations and full blown Red Team campaigns. The speed of these campaigns comes from pre-built playbooks backed by Cyber Threat Intelligence (CTI) research. This approach enables a level of freedom to make decisions based on the data the red team analyst sees from their tooling and allows testing further in the attack chain to test detections that could be missed otherwise.

View More Papers

Measuring the Prevalence of Password Manager Issues Using In-Situ...

Adryana Hutchinson (The George Washington University), Jinwei Tang (Clark University), Adam Aviv (The George Washington University), Peter Story (Clark University)

Read More

Inaudible Adversarial Perturbation: Manipulating the Recognition of User Speech...

Xinfeng Li (Zhejiang University), Chen Yan (Zhejiang University), Xuancun Lu (Zhejiang University), Zihan Zeng (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)

Read More

Facilitating Threat Modeling by Leveraging Large Language Models

Isra Elsharef, Zhen Zeng (University of Wisconsin-Milwaukee), Zhongshu Gu (IBM Research)

Read More