DEFCON 32 Adversary Village Red Teaming Panel
While Red Team exercises are invaluable for mirroring adversary behavior, they can be time-consuming and expensive. This panel will fix it.

If organizations have ever wondered how to stay on top of emerging threats and keep their defenses sharp, Red Teaming is likely one of the key strategies they rely on.
At DEF CON 32’s Adversary Village, a panel aptly titled “Red Teaming is Broken; This Panel Will Fix It” brought together experts from MITRE, Google, AWS, and Sentry to discuss how to make Red Team exercises more effective and more accessible.
Drinor Selmanaj, Founder of Sentry, was among the participants, offering insights on building a threat-informed defense.
The Challenge
The Adversary Village at DEF CON 32 served as the perfect environment for a deep dive into adversary tactics and techniques. Suneel Sundar, who manages a collaborative research and development program with MITRE and industry partners, kicked off the panel by emphasizing the need for Red Teaming in modern cybersecurity.
He outlined the central challenge: while Red Team exercises are invaluable for mirroring adversary behavior, they can be time-consuming and expensive. This often places smaller and mid-sized organizations at a disadvantage. Additionally, adversaries continually evolve, so by the time a Red Team exercise is planned, executed, and analyzed, threat actors may already be using new tactics.

Red Team vs. Adversary Emulation
To clarify the essence of Red Teaming, Sundar asked Selmanaj to outline the key concepts. Selmanaj described Red Teaming as goal-oriented, focusing on specific objectives such as testing an organization’s detection and response capabilities under realistic attack scenarios. He also distinguished between Red Teaming and Adversary Emulation: while Red Teaming is goal-oriented, Adversary Emulation mimics known threat actor behaviors (commonly tied to advanced persistent threat groups) to see if defenses stand up against real-world TTPs.
Collaboration is Key
Joe Vest (Principal Security Engineer at AWS) emphasized that Red Teaming isn’t merely about uncovering technical vulnerabilities; it’s also about observing how effectively defenders coordinate and adapt during an ongoing attack.
Niru Raghupathy (Security Engineer Manager at Google) added that open communication is key. Red Team insights must be shared with the Blue Team; otherwise, organizations miss the opportunity to address discovered weaknesses. The panel agreed that Red Teaming should shift from a “gotcha” mindset to a collaborative effort that continually refines defenses.
Maturity Matters
Another recurring theme was the question of whether organizations are prepared for advanced Red Teaming. Joe Vest noted that many jump into Red Team engagements prematurely, before nailing down essential cybersecurity hygiene and incident response processes.
Niru Raghupathy added that aligning Red Team objectives with the capabilities of those responsible for remediation ensures resources are effectively deployed. Selmanaj mentioned that organizations occasionally have unrealistic expectations of Red Teaming, reinforcing the need to set clear, achievable objectives from the outset.
Competence + Attitude = Results
The panel also addressed the skills necessary for Red Teamers to thrive in a constantly shifting threat landscape. Raghupathy pointed out that qualities like resilience, integrity, and adaptability are crucial.
Selmanaj emphasized the importance of Red Teamers staying “technology-agnostic,” mastering core cybersecurity concepts that apply across multiple systems. Vest echoed these points, underscoring that comprehensive knowledge of fundamentals often proves more valuable than familiarity with any one exploit or tool.
Closing Remarks
Suneel Sundar concluded the panel by encouraging attendees to explore related demonstrations, such as MITRE’s CALDERA projects, and to continue the conversation beyond DEF CON 32.
After the session ended, the panelists and attendees gathered for an informal chat over refreshments, turning serious cyber threats into lively banter. They traded war stories of past Red Team engagements, speculated on new adversary tactics, and shared lighthearted anecdotes from the trenches. When the group dispersed, everyone had gained fresh insights, forged stronger connections, and walked away with renewed energy to push Red Teaming forward.

Good to know:
Selmanaj recently authored a book designed for practitioners responsible for enhancing cybersecurity. We invite you to explore it as a valuable guide - whether you're part of a Red or Blue Team, a pen-tester, an information security officer, or anyone looking to strengthen hands-on skills by emulating adversary behavior. Individuals interested in the MITRE ATT&CK framework or seeking additional learning material for various cybersecurity certifications will also find this book insightful.
Note: This is not a beginner’s guide—if you’re new to the cybersecurity field, consider first reading up on operating systems, security, and the fundamentals of cybersecurity.

Adversary Emulation with MITRE ATT&CK
Learn to assess resilience against coordinated and stealthy threat actors capable of harming an organization.
In his book, Drinor demonstrates adversary emulation for offensive operators and defenders using practical examples and exercises that actively model adversary behavior.