Webcast: When Worlds Collide: OSS Hunting & Adversarial Simulation





Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next.

As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for Purple Teaming in the information security community, they have invited Roberto Rodriguez & Nate Guagenti (HELK Project, Mordor) and Marcello Salvati (CrackMapExec, SILENTTRINITY) to discuss the collision of OSS Hunting and Adversarial Emulation platforms, with additional commentary from John Strand.

The group will discuss Roberto Rodriguez (@Cyb3rWard0g) and Nate Guagenti’s (@neu5ron) development and maintenance of the HELK project while focusing on the ongoing development of Mordor, Datasets, and Azure Resource Manager templates. Joining the world-class hunters is Marcello Salvati (Byt3bl33d3r), developer of CrackMapExec and SILENTTRINITY to continue the discussion of OSS adversarial simulation. John Strand will add commentary on the history of adversarial simulation, hunting, and where the industry may be headed.

Webcast Hosts:

Special Guests:

Join the BHIS Community Discord https://discord.gg/aHHh3u5

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WhenWorldsCollide.pdf

00:00:00 – PreShow Banter™ — We’ve Lost Control

00:10:47 – FEATURE PRESENTATION: When Worlds Collide

00:14:26 – Threat Intelligence Sharing

00:25:57 – Won’t Stop Can’t Stop

00:32:06 – A Tired Community

00:38:54 – Re-Investing Open Source Projects

00:45:37 – Open Threat Research

00:50:57 – Understand Adversary Tradecraft

00:52:50 – Mordor Labs

01:10:05 – Mordor Datasets

01:12:42 – HELK

01:18:41 – Threat Hunter Playbook

01:35:34 – PostShow Banter™

Learn more about these projects if you haven’t yet:

https://twitter.com/porchetta_ind

https://twitter.com/HunterPlaybook

https://twitter.com/Mordor_Project

https://twitter.com/OSSEM_Project

https://github.com/DefensiveOrigins/AtomicPurpleTeam

https://github.com/OTRF

https://github.com/OTRF/mordor

https://github.com/OTRF/mordor-labs

https://github.com/Cyb3rWard0g/HELK

https://github.com/byt3bl33d3r/SILENTTRINITY

https://github.com/byt3bl33d3r/CrackMapExec

https://github.com/OTRF/ThreatHunter-Playbook

https://jupyter.org/

https://mordordatasets.com

https://mordordatasets.com/notebooks/small/windows/windows.html

https://infosecjupyterbook.com/community-workshops/defcon_btv_2020/use-cases/01_Data_Analysis_Process_Injection.html



Ready to learn more?

Level up your skills with affordable classes from Antisyphon!

Pay-What-You-Can Training

Available live/virtual and on-demand