Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better

Presented at BSidesLV 2017, July 25, 2017, 3 p.m. (55 minutes)

You have heard of Red Team, Red vs. Blue Team and Purple Team exercises, but these approaches often miss two crucial aspects: communication and mentoring. An organisation doesn't need to be overly mature to conduct a Purple Team exercise. This type of exercise can be divided into multiple stages when the business risks are well defined with communication and mentoring at the core of the engagement. This presentation will describe how and why to execute a Purple Team exercise, as well as how to encourage upper management's participation in this type of engagement. We will discuss techniques for executing a Purple Team exercise, along with the various types and levels of testing to assess the business risk using real case studies. This presentation will also include how to most effectively mentor the Blue Team. Similarly to a Red Team, Purple Team exercises assess the business risks that can impact the business as a whole. The main difference between these two being that the Blue Team is involved throughout the engagement. Daily, weekly or monthly meetings are set with communication as the main objective. The Blue Team is responsible to detect, monitor and analyze the Red Team's activities throughout the engagement. They communicate regularly with the Red Team to find solutions related to their findings rather than waiting for a finalized report that ultimately summarizes to the words "You've been pwned". Multiple levels of Blue Team involvement and mentoring approaches will be shown during the presentation. We will review different types of tests from predefined attack scenarios, which include real Red Team examples. We will focus on how this type of exercise can help the entire organisation improve their security from both a technical and strategic perspective, which will increase the value of this engagement when selling it to upper management.

Presenters:

• Patrick Mathieu - Owner / Senior Security Consultant - Hackfest.ca / SecurityCompass.com
  Patrick is co-founder of Hackfest.ca largest hacking conference in Canada and has been involved in computer security and hacking for more than 20 years. He is currently employed as pentester and lead Purple Team at a Toronto consulting company and and he's specialized in application security. Patrick holds a Bachelor and a College degree in computer science and he has always been active in the community and in his local security events.

Links:

• https://bsideslv2017.sched.com/event/BNG5/purple-team-how-this-color-can-help-you-and-your-organisation-learn-and-get-better
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Purple Team How This Color Can Help You And Y.mp4
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Purple Team How This Color Can Help You And Y.eng.srt (subtitles)
• https://www.youtube.com/watch?v=CF2RrpzhRuE

Similar Presentations:

• RVAsec 2021 / Why I Love Purple Teams, Even Though They Don't Exist
• ShellCon 2018 / Purple Team: Exposed
• BruCON 0x0A (2018) / Mirror on the wall: using blue team techniques in red team ops