Attack tree theory is being successfully applied to understand, evaluate and improve the security posture in multiple scenarios: from IT to Critical Infrastructure ecosystems. From a defensive point of view, it is a powerful tool to analytically analyze the threats and risks at which the environment is subject. But what about the offensive side? Can we use the same techniques?
In this talk, we will analyze how to apply the attack tree theory in complex Red Teaming and Adversary Simulation operations. How these concepts and approaches are useful to better understand, act and react to events, and critical edge cases, that could happen during the engagement.
Finally, we will work through a case study analyzing a practical application of the theory: from the identification of the target and the goal to the final execution.