Contributed Session 2: Cobalt Strike: A Cyber Tooling T&E Challenge
- Published: 10 Nov 2024
- Dr. Nathan Wray is a technical lead and senior operator on the Advanced Cyber Operations team under the Office of the Director, Operational Test and Evaluation. Within his role, over the past seven years, Dr. Wray has performed red teaming, developed offensive cyber operations capabilities, and assisted cyber teams across the Department of Defense. Before his current role, Dr. Wray had over a decade of experience in operational and research-related positions in the private and public sectors. Dr. Wray's prior research and focus areas include leveraging machine learning to detect crypto-ransomware and researching offensive cyber capabilities, techniques, and related detection methods. Dr. Wray has Computer Engineering, Network Protection, and Information Assurance degrees and received his Doctorate of Science in Cybersecurity from Capitol Technology University in 2018.
Cyber Test and Evaluation (T&E) serves a critical role in the procurement process for Red Team tools; however, once a tool is vetted and approved for use at the Red Team level, it is generally incorporated into steady-state operations without further concern for testing or maintenance of the tool. As a result, approved tools may not undergo routine in-depth T&E as new versions are released. This presents a major concern for the Red Team community, because new versions can change the operational security (OPSEC) posture of those tools. Similarly, cyber defenders - whether through lack of training or limited resources - have been known to upload Red Team tools to commercial malware analysis platforms, which inadvertently releases potentially sensitive information about Red Team operations. The DOT&E Advanced Cyber Operations team, as part of the Cyber Assessment Program, performed an in-depth analysis of Cobalt Strike, versions 4.8 and newer, an adversary simulation platform widely used across the Department of Defense and the United States Government. Advanced Cyber Operations identified several operational security concerns that could disclose sensitive information to an adversary with access to payloads generated by Cobalt Strike. This highlights the need to improve the test and evaluation of cyber tooling, at a minimum for major releases of tools used by Red Teams. Advanced Cyber Operations recommends in-depth, continuous test and evaluation of offensive operations tools, with ongoing re-evaluation as new versions ship, to mitigate potential operational security concerns.
Session Materials: dataworks.test...