The red team assessment has entered its fifth year in Taiwan, and when companies are at different levels of information security maturity, they have completely different ideas and expectations for the execution and results of the red team assessment. We hope that through this speech, enterprises can know how to choose targets, determine the suitable scope, coordinate attack methods, organize blue team response methods, and plan follow-up information security improvement measures for different information security maturity levels, so that enterprises can set a truly suitable red team assessment service for themselves. 

With the widespread use of ATT&CK, companies have begun to use it to assess current threats and priorities for hardening. However, enterprises should not just use these TTPs to infer the risks of the enterprise, which may fall into the misunderstanding of the cause and effect, and then ignore the existence of more high-risk vulnerabilities that are easily exploited. This talk will share thinking and suggested ways of using ATT&CK correctly to reduce the risk of misplaced defense resources by chasing potential attackers aimlessly