Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention

Presented at BSidesLV 2023, Aug. 9, 2023, 10:30 a.m. (Unknown duration)

In "Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention," attendees will learn to bridge the gap between Cyber Threat Intelligence and Offensive Security. We'll explore the importance of cross-functional collaboration with Detection Engineering and Red Team operations, examining challenges in Threat Intelligence and Purple Team operations. Addressing common challenges faced by offensive security and threat intel teams, such as securing buy-in from management and improving testing efficiency, we'll discuss how our teams collaborate to execute realistic operations, fostering a positive relationship between offensive security and threat intel resources. The presentation will include live demos of real-world adversary examples, like web shells and EvilGinx, and showcase open-source tools for streamlining efforts. By focusing on shared problems, we aim to demonstrate the importance of security investment and gain support from key stakeholders with financial resources and decision-making authority. We'll address limitations of existing frameworks that haven't effectively kept pace with real-world threats and conclude with a showcase of open-sourced tooling created by Meta's Purple Team to tackle the issue.

Presenters:

  • Adam Bradbury
    Adam serves as the Intelligence Lead for Meta's Incident Response team. Before joining Meta, Adam worked in the intelligence vendor space, empowering public and private sector organizations to effectively leverage cyber threat intelligence to enhance their operations. As a strong advocate for open standards, Adam supports intelligence sharing and automation within the industry.
  • Jayson Grace
    Jayson is the founder and technical co-lead for Meta's Purple Team. Previously he built and led the Corporate Red Team at Sandia National Laboratories. He's spent time as a red teamer, pentester, tool developer, system administrator, and DevOps engineer. Jayson is passionate about empowering engineers to create and maintain secure deployments. He also has a serious automation problem that he's working through in therapy.
