WICCON 2023

Adversaries of the Future: The Dynamic Red Teaming Landscape
2023-10-31, Second Main Stage

The cyber security industry is fast paced as a result of two opposing forces attempting to outsmart each other: attackers search for new attack vectors to compromise their targets' infrastructure while defenders deploy technical measures and processes intended to stop attackers in their tracks. These opposing forces result in changes in the TTPs used by adversaries to overcome newly deployed technical defenses. These changes are also reflected in red teaming engagements as red teamers adjust their workflows to circumvent the defenses. What are the most impactful technical changes that have induced changes in the adversary TTPs and how will this continue in the future?


The session will start with a general overview of red vs blue from the perspective of red teaming. It will mostly be focussed on the technical offensive techniques and the defensive measures that were used at the start, and we will look at how all of these have changed since.

We start from the most primitive buffer overflow exploits against old-school antiviruses, then move on to the rise of enterprise networks and how this impacted the techniques and made space for lateral movement. This is where the big changes start to happen and various reconnaissance and lateral movement techniques start to develop. Meanwhile, the cloud industry also starts to impact red teaming, giving rise to new attack vectors and calling for new security measures.

The most impactful specific technical defensive measures will be discussed, as well as an analysis of how these defensive measures forced adversaries and red teams alike to adjust and come up with new creative attack vectors. Based on these developments, I try to predict the future trends in the cat and mouse game based on the techniques that are still applicable for attackers.

All of the information gathered and processed in my head has been the result of extensive red teaming practice in numerous organizations' networks.

Eva Tanaskoska is a red team operator working in the Northwave Red Team with a strong background as a network engineer. With expertise in network architecture, protocols, and security practices, Eva specializes in emulating real-world cyber attacks to identify and exploit vulnerabilities in organizations' defenses. Her technical proficiency, critical thinking, and strategic approach have proven instrumental in fortifying security postures and mitigating risks. Adept at communicating complex concepts to both technical and non-technical stakeholders, Eva fosters strong working relationships and facilitates shared understanding with a goal of helping organizations keep their networks secure against threats.