Welcoming of the Guests

Matt Suiche, (Founder at Comae & OPCDE)

Red Team Handcuffs

CDG SERPENT is one of several Microsoft Red Teams. Our scope includes Windows, IOT, Devices, and Gaming. During our Red Team engagements we emulate adversaries as much as possible, but there are tactics adversaries do that we are unable to replicate exactly due to limitations in our rules of engagement, technology or time constraints.
SERPENT has developed effective tactics that are in line with our constraints. This talk will cover several (but not all) of the limitations we face and the actions that we have taken to address them.Agenda:
Who and what SERPENT is; introduction to the team and how we operate via Red and Purple teams.
Talk format – cover a limitation, then a mitigation / solution, each one should have a couple of slides and a potential scenario to discuss. Scenarios will be real world public examples that are able to be discussed.
Our ROEs are more focused on being a deny list rather than an allow list.

Caleb McGary, Security Researcher @ Microsoft

Kyle Bachman, Security Researcher @ Microsoft

Red Team at CDG (Cosine, Devices, and Gaming) SERPENT @ Microsoft

Red Team at CDG (Cosine, Devices, and Gaming) SERPENT @ Microsoft

Crypto AMA


Mark C.,


Ruslan Kiyanchuk,




Comae Comae Comae Comae