Welcome to my 2023 Irreverent Red Team TTP Wrap Up (Trends, Trolls, Predictions)
It's likely some of these will ruffle feathers, but hackers break things, right?
1. SIEMs are being replaced by XDRs, which are winning in that market space. Top best defensive product additions are identity based: CSI & MDI (or whatever MS is calling it these days).
2. AI hasn't replaced anything (yet). We are still on the upswing of using it to assist with coding, rather than full service replacement. Some neat AI based red team products are starting to emerge.
3. Cobalt strikes are down! Yes, the C2 matters. While FOSS-C2s are still great, lots of shops are buying commercial alternates and/or writing their own. Nighthawk/BRC4 drama continues to remain hilarious.
4. UBA has yet to really take off, but will be an incredible defensive force if and when it does.
5. Deceptive techniques are on the rise. Orgs are (slowly) figuring out they can have more than one honey service account that doesn't have "Infosec - do not delete" in the description field.
6. Red Team telemetry is the hotness. Started with Red Elk, picked up with Nemesis, and lots of groups are doing it internally. You need that data. Get on it.
7. Assumed Breach has reached mainstream and is still rising. Various types are now being fleshed out and continue to bring great value to clients. This trend will likely continue for some time.
8. Tradecraft sharing has largely gone to DMs. Still happening between trusted groups. This is way more a reflection of the speed to detect rather than the OST debate, which nobody really cared about.
9. X remains the best place for latest infosec news and sharing. The mastothreads movement came and went o/. POC sharing is up while full tool sharing seems to have decreased due to liability concerns.
10. Vocabulary continues to shift. Talk of "risk" is gone. "Findings" are becoming "observations". "Skids" are now "cyber novices". Hacker culture of old continues to slowly decline in its effort to placate lawyers.
11. Stealth is important but takes a back seat as the gig continues, as more and more engagements include tightened collaboration with the defense.
12. R&D is now more critical than ever as defenses increase. Except for top shelf TAs, red teaming tradecraft seems to have handily outpaced the whoami groups of the world (should have run whoami1.exe, tsk tsk).
13. Nano has been awarded "breakglass" status as the world has shifted to modern editors.
Thanks for reading!
:wq!
1 Having watched the OST debate from the sidelines, I have enjoyed the thinking challenge that the debate represents, which is fundamentally searching not for the "best" thing to do, but for the "most right" thing to do - an ethical search at its core.
2 I have worked on the offensive side of the industry for 6+ years (defensive 10+), and have written tools used by both nation state actors (confirmed) as well as defenders. The knowledge that my tools caused others harm is what fundamentally stopped me from releasing more.
Just finished giving my first virtual training class.
Here are a few lessons learned for other instructors who are getting ready to do the same...
My class was a technical one. Very focused on labs that had students using a lab manual (PDF) to perform the various steps (SSH, Linuxy things). The general flow of the class was lecture, lab, lecture, lab over a 2 day period.
1) A dedicated chat room for class is a must. This was the best decision I made. During the lecture, I was on the call running through my slides, then turned them loose on labs and muted myself. All lab support was based on the Slack room.