Atomic Red Team: Closing the Gap with Threat Actors | Chris Haller | Conf42 Incident Management 2023
Read the abstract ➤ https://www.conf42.com/Incident_Management_2023_Christopher_Haller_atomic_red_team_threat_actors
Other sessions at this event ➤ https://www.conf42.com/im2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC
Reach out to Chris ➤ chris.haller@strongcrypto.com

Chapters
0:00 intro
2:08 preamble
2:41 agenda
3:00 who is chris
5:18 the problem
8:05 knowns matrix
9:41 a solution
12:09 mitre att&ck
13:32 procedures
14:40 atomic red team
18:02 breach attack simulation (on a budget)
19:52 atomic test #22 - winpwn - powersharppack - seatbelt
21:30 atomic test #3 - dump active directory database with ntdsutil
23:18 conclusion
24:36 questions?