
Generating Known Unknowns Through Known Knowns

Marcus LaFerrera delivered this presentation at FloCon 2022 on January 13, 2022. Watch the video and download the slides.

Software Engineering Institute




There are multiple tools available that will build infrastructure for you, then simulate attacks on the newly built infrastructure. Your job as an analyst is to leverage this data to test your detections and defenses. What if there were a simpler way? What if you could simply generate log events with specific characteristics, then ingest the data into your analytic tool of choice? In this talk we will go over a Python framework that simplifies data generation by simulating specific attacks and attack chains without the need for infrastructure.

Attendees will learn how to leverage an open source tool to generate synthetic attack events, allowing them to easily generate adversarial activity without the need to build infrastructure.
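A minimal sketch of the idea in the abstract, added here as an illustration: it is not the open source framework presented in the talk, which this page does not name. The event field names, the addresses (documentation ranges), the user names and the detection rule are all assumptions.

```python
import json
import random
from datetime import datetime, timedelta, timezone
START = datetime(2022, 1, 13, 9, 0, tzinfo=timezone.utc)  # constructed start time

def event(ts, src, user, outcome):
    """One synthetic authentication event (field names are assumptions)."""
    return {"time": ts.isoformat(), "src_ip": src, "user": user,
            "action": "login", "outcome": outcome}

def benign(rng, count):
    """Background noise: mostly successful logins, an occasional mistyped password."""
    out = []
    for _ in range(count):
        ts = START + timedelta(seconds=rng.randrange(3600))
        outcome = "failure" if rng.random() < 0.05 else "success"
        user = rng.choice(["alice", "bob", "carol"])
        out.append(event(ts, f"198.51.100.{rng.randrange(10, 20)}", user, outcome))
    return out

def brute_force_chain(rng, src, user, failures, offset_s):
    """Attack chain: a burst of failures from one source, then a success."""
    ts = START + timedelta(seconds=offset_s)
    out = []
    for _ in range(failures):
        out.append(event(ts, src, user, "failure"))
        ts += timedelta(seconds=rng.randrange(1, 4))
    out.append(event(ts, src, user, "success"))
    return out

def generate(seed=7):
    rng = random.Random(seed)  # seeded so the data set is reproducible
    events = benign(rng, 200) + brute_force_chain(rng, "203.0.113.50", "alice", 12, 1800)
    return sorted(events, key=lambda e: e["time"])

def detect(events, threshold=10, window_s=120):
    """Flag (src_ip, user) with >= threshold failures in the window before a success."""
    hits, fails = set(), {}
    for e in events:
        key, ts = (e["src_ip"], e["user"]), datetime.fromisoformat(e["time"])
        recent = [t for t in fails.get(key, []) if (ts - t).total_seconds() <= window_s]
        if e["outcome"] == "failure":
            fails[key] = recent + [ts]
        elif len(recent) >= threshold:
            hits.add(key)
    return hits

if __name__ == "__main__":
    for e in generate():
        print(json.dumps(e))  # JSON lines, ready to ingest into an analytic tool
```

Because the injected chain is known in advance, the detection can be checked for both a hit on the constructed source and silence on the background events.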

Marcus has been in the security field longer than he'd like to admit. Most of his experience before joining Splunk as a Security Strategist has been supporting various government agencies. He has done everything from leading SOCs, to building threat hunting teams, to research and development. As an avid open source enthusiast, he has contributed to several projects and is the lead maintainer of many more. When not modifying his .vimrc or .tmux.conf files, he enjoys family time, hiking, mentoring, and craft beer.


Part of a Collection

FloCon 2022 Assets

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.