James Fitts, Chris Fennel (Walmart)

Red Team campaigns simulate real adversaries and provide real value to the organization by exposing vulnerable infrastructure and processes that need to be improved. The challenge is that as organizations scale in size, time between campaign retesting increases. This can lead to gaps in ensuring coverage and finding emerging issues. Automation and simulation of adversarial attacks can be created to address the scale problem. Collecting libraries of Tactics, Techniques and Procedures (TTPs) and testing them via adversarial emulation software. Unfortunately, automation lacks feedback and cannot analyze the data in real time with each test.

To address this problem, we introduce RAMPART (Repeated And Measured Post Access Red Teaming). RAMPART campaigns are very quick campaigns (1 day) meant to bridge the gap between the automation of Red Team simulations and full blown Red Team campaigns. The speed of these campaigns comes from pre-built playbooks backed by Cyber Threat Intelligence (CTI) research. This approach enables a level of freedom to make decisions based on the data the red team analyst sees from their tooling and allows testing further in the attack chain to test detections that could be missed otherwise.

View More Papers

UniID: Spoofing Face Authentication System by Universal Identity

Zhihao Wu (Zhejiang University), Yushi Cheng (Zhejiang University), Shibo Zhang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejing University)

Read More

The Dark Side of E-Commerce: Dropshipping Abuse as a...

Arjun Arunasalam (Purdue University), Andrew Chu (University of Chicago), Muslum Ozgur Ozmen (Purdue University), Habiba Farrukh (University of California, Irvine), Z. Berkay Celik (Purdue University)

Read More

Differentially Private Dataset Condensation

Tianhang Zheng (University of Missouri-Kansas City), Baochun Li (University of Toronto)

Read More