How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0

By: Guillermo Buendia


Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.

Sure, not all findings can be categorized through this methodology, but it's a start. Whether you work in a security team, need help prioritizing the red team findings that resulted from external assessments or BAS tools, are in an internal red team helping blue teams address critical outcomes, or work as a consultant needing support when reporting to clients, come learn how to prioritize your red team findings better and improve categorizing, tackling the critical ones first, and feel less overwhelmed with this daunting task. This Workshop will guide you through this new methodology and tools, such as the CRTFSS website, to calculate their criticality.

Skill level: All skill levels, from cyber security Entry level positions to Red Team leaders.

Pre-requisite knowledge: understanding and being able to navigate through the MITRE ATT&CK Enterprise Matrix"

(c)2023, Red Team Village