Cybersecurity by counterShell
What ASDC is
There are many adversary tactics (see MITRE)
How to approach the many red-team vs blue-team scenarios
Building the mentality on how to approach these factors, whether it be in R&D or execution
Thinking more like an adversary, less focus on the technicalities
While a lot of work has already been done on the cybersecurity data analysis front (in the form of SAIC), we are moving into more technical content development for SINCON 2025 and a variety of other requests. So far, most of the technical work is also contributing to our upcoming course, the Adversary Simulation, Detection and Counteractions (ASDC) Course, which is intended to be online and on-demand.
The difficulty of coming up with the technical content is similar to the difficulty most cyber practitioners have with selecting appropriate courses and certifications in the market: there is simply too much ground to cover. There are so many different tools, scenarios and techniques across both red-teaming and blue-teaming. Different practitioners prefer different approaches and different tools. Different adversaries have different TTPs and gameplans. Cyber is no longer as straightforward, simply because the terrain is no longer straightforward. Today's IT systems are complex, span multiple domains, and have all sorts of use cases for differing business and personal needs. And everything needs to be secured, both from the technical angle and from the human angle.
Hence, counterShell's approach to ASDC is really to get back to the basics: to ground practitioners in the mentality of approaching attack and defence, as opposed to purely doing cool technical things with vulnerable boxes. We aim to equip our trainees with the ability to tackle evolving challenges on their own, to do their own R&D into whatever new red-team or blue-team approach comes along. To achieve this, we are crafting scenarios that not only cover fundamental red-team and blue-team techniques, but also cover the engineering work required to make these techniques work.
In a similar vein, we are exploring ways to make these scenarios as realistic as technically possible. SAIC already features a "simulated Internet" for red-team C2, along with a fleshed-out corporate network comprising a DMZ, internal segregated networks and a CI/CD development network, amongst other things. ASDC will have a similar construct, but unlike SAIC, the path will be more open-ended and the environment will be better defended. ASDC will also have a blue-team component, which will be just as open-ended and noisy.
As we develop these components for ASDC, counterShell also provides a deeper dive into specific course topics in the form of in-person training. For example, the teaser topic on C2 and AV evasion (which is appearing at SINCON 2025) will feature in some red-team and blue-team in-person training... eventually. In any case, stay tuned if you're interested. We will provide regular updates on the progress of ASDC and the components involved.