The Benefits of Infrastructure as Code for Adversary Simulation

In the recent CRESTCon Australia 2021, our Senior Consultant, Benjamin McMillan from the Privasec RED Team was invited to give a presentation on ‘The benefits of Infrastructure as Code for Adversary Simulation’.

APRA has “fast-tracked due to urgency of threat” the CPS 234 standard that requires Australian financial institutions to systematically test their resilience against cyber threats. Red Teaming by way of a “no holds barred” pen test is not going to be an effective way to demonstrate a security capability commensurate with real-world threats.

Red Team infrastructure needs to be purpose-built, which can take significant time if it’s to be tailored to the characteristics of an APT, in addition to being modular, disposable, time & cost efficient, and resistant to human error.

This presentation will attempt to clarify modern Red Team requirements and detail some benefits of Infrastructure as Code solutions for adversary simulation, including a crash course in Terraform.

#redteam #cybersecurity #adversarysimulation #cybersecurity #infosec #informationsecurity #technology #tech #redteam #redteaming #apra

About our Privasec Speaker

Benjamin McMillan is a Senior Consultant in the Privasec RED team. He is an offensive security generalist with capabilities across internal and external infrastructure, “assumed breach” scenarios, web application, Wi-Fi, and mobile testing. He has a passion for adversary simulation and post-exploitation of Windows domain networks. He holds the CREST CRT, OSCP, and CISSP certifications.

About Privasec Red Team

Privasec RED are CREST certified leaders who are passionate about Red Team Attack Simulations, Purple Teaming and Penetration Testing. Their other skillsets include SCADA & ICS Security, Drone Security, Physical Intrusions, Theft simulations, Open Source Intelligence Gathering (OSINT), Social Engineering, and Phishing.