Nytro Posted September 30, 2022

The talk discusses a few techniques that can be applied by a Red Team across every stage of the cyber kill-chain to reduce the detection rate of their activities. The author will share evasion tactics he has been following during recently held engagements.

One of the toughest hurdles of every Red Team engagement is obviously the detection potential of the exercised Blue Teams. These teams base their defensive capabilities on systems producing a feed of incident events, sensing potentially malicious IOCs such as domains, API calls invoked in a monitored system, or unusual file types. Red Teams aiming to simulate APTs should therefore apply evasion strategies in every step of their designed kill-chain to lower detection rates and increase the success rate of accomplishing engagement goals while undetected.

For a Red Teamer, every stage of the kill chain has its own issues detection-wise. This talk will therefore try to map out some of these detection areas and discuss appropriate evasion strategies for combating them.