February 28, 2023
Many red team assessments revolve around MITRE ATT&CK. The offensive team proactively determines which tactics and techniques they want to try, writes them into an agreed-upon rules of engagement document, and then performs the associated behaviors. This pattern adds structure to the testing but can open you up to a false sense of security. The “many variations problem” states that any test implementation can be tweaked to evade the defense. However, you can counteract this problem through continuous variation. The idea is that by running a never-ending supply of tests, every day and across all endpoints, you will eventually run a statistically significant number of variations.