Hey y'all welcome to the breachnessac simulation weekly updates, uh so my name is Aaron Kerry I'm a new face around here, I just joined gitlab as a staff engineer on the incubation team, I'm going to be jumping in as the breach and attacking licensing legendary group I'm, pretty excited so without further Ado. Let's just share uh what I'm going to be working on so region attack simulation if you're familiar with vulnerability management, you already may have an idea one of the major problems in a vulnerability management tool on its own.

So when you get a vulnerability management tool, you may end up with a report with hundreds of vulnerabilities and what breach and tax simulation allows you to do. Is it takes penetration testing to the next level? It takes hacker techniques that a penetration tester would do manually on your network and give you a report. Vibration attack simulation allows you to do is on top of your existing vulnerability management solution or on top of tooling, that may be provided through gitlab in your pipeline breach.

Attack simulation is going to give the ability to do external penetration against some of your services and applications that you're developing. What this will provide provide is the ability for you to see which vulnerabilities you can prioritize remediating, because those are going to be low hanging fruits for attackers and attackers are always going to use the low-hanging fruits.

um It's a really common thing uh in the sort of a fast security space where you're able to go ahead and use a lot of these common techniques and adding a breach and attack simulation capability at the test and deploy stage of the pipeline is going to make it easier for teams to figure out what these low hanging fruit may look like for an attacker, so that, because this is my first move, onboarding there's not much more of an update.

Besides that, I'll just make a note of a couple places to follow so I've created a breach and attack simulation group subgroup in gitlab. You can go here under incubation to gitlab org organization.

um You can then go from that gitlab.org into incubation engineering. The breach and attack simulation under this meta project. In here, I've got an issue set up. This is similar to the rest of the incubation engineering team. So don't get too much into it, but here is going to be a list of past updates where I'll go through and add recordings for each update. This will happen weekly, whether it's in the form of blog posts or if it's in some other forms, such as video update like this on gitlab unfiltered.

You could share the ability here to get a sense of where the project is going over time and I'll be making updates here, if I'm linking any other projects or issues you'll, see all the links in here. If there's anything that you'd love to see or any feedback, you'd love to give around the direction, breach and tax simulation I would love for you to provide feedback in here.

I'm super happy to have an open discussion around this um outside of that gitlab, unfiltered I'm, sure you've seen us on YouTube Hello um but yeah make sure to just like and subscribe to these videos if you're, finding this playlist, useful and I hope to hear from you again. Thank you. Bye.