BruCON 0x0F

With the increasing adoption of Red Teaming and Purple Teaming in the cybersecurity industry, organizations that have achieved high levels of security maturity can greatly benefit from these activities. However, organizations at the onset of building a security program are often left out.
This talk introduces Micro Attack Simulations, an innovative approach that allows organizations to validate specific security controls without waiting for full-blown Red Teaming exercises. Micro Attack Simulations focus on assessing single or multiple security controls that are already implemented, providing a valuable approach for organizations aiming to bolster their cyber resilience. These simulations not only focus on technical aspects but also consider non-technical security controls such as escalation procedures and reporting paths during security incidents. As a result, organizations can derive specific Red Team unit tests and perform a gap analysis of existing security controls. The talk will include an anonymized case study that demonstrates the modelling of potential attack trees and the technical execution of a Micro Attack Simulation. The simulation's goal was to validate security controls around a successful ransomware attack on the server infrastructure, including the encryption and exfiltration of sensitive customer data. The simulation involved actual data encryption, multi-node compromise using Cobalt Strike, separate custom-written out-of-band command-and-control channels, and even placing ransom notes and sending ransom emails to the organization's official press and communication channels to test crisis management processes.