SlideShare a Scribd company logo

Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albert Campa, Denim Group

Download as PPTX, PDF
Denim Group
Denim Group

You’ve heard of black, white, and gray box testing? Adding to the security color spectrum, Red Teams (pen testers) working together with Blue Teams (defenders), can improve organizational security and get the most out of security assessments. This talk will discuss both general and specific concepts and techniques to improve penetration tests with coordination of internal security teams. We will discuss high level topics such as knowing what type of assessment is needed for your organization, to more detailed technical concepts such as detecting attack traffic and coordinating with red team attacks. If your internal security team isn't ready for a pentest, lets discuss steps to get your team prepared and ready to fully take advantage of full scope penetration tests. From a pentester perspective, we will discuss the types of testing that is most beneficial to your clients and how to communicate and perform testing activities in conjunction with blue teams. We will also talk about ways to assist the teams with remediation from a 3rd party point of view. What are the three key points an audience will receive: · Pen testing techniques on working with internal security · Internal security techniques for detecting attacks · Concepts on performing the best type of pen test for your customers

Technology
1 of 46
© 2015 Denim Group – All Rights Reserved Cyber Purple Teaming: Uniting Blue and Red Teams Don’t forget Advanced Cyber
© 2015 Denim Group – All Rights Reserved Introduction: - Security Consultant - Brazilian JiuJitsu practitioner - Defender of networks - Firewall admin - Linux guy - Soccer player/fan - Windows guy - Air Force guy
© 2015 Denim Group – All Rights Reserved Points to discuss: - Blue team preparations – Get ready defenders! - Not ready for pentest? Get ready! - Log all things! Educate all things! - Red team tactics – Hack with love! - The scope question – Hack all things! - Social Engineering – Assess, train, assess! - Team communication - Wolf! Man on! Watch out! - Putting it all together – fine tuning
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
© 2015 Denim Group – All Rights Reserved Blue team tactics - Brace yourself
© 2015 Denim Group – All Rights Reserved Blue team tactics - Security Fundamentals
© 2015 Denim Group – All Rights Reserved Blue team tactics - Security Fundamentals - Patch management - Locked down DMZ firewall and servers. - Proper segmentation - Vulnerability scanning - Monitoring - Security Awareness Training (Web based CBT?) - Skills (Be a sysadmin)
© 2015 Denim Group – All Rights Reserved Blue team tactics - Internal Assessments - Vulnerability scanning (minimum) - Internal pentesting (resources needed) - System hardening / Compliance scans - Patch management program - VA data to patch cycle
© 2015 Denim Group – All Rights Reserved Blue team tactics - Logs, Logs and more logs - Firewall, IPS, Servers, network devices, etc.
© 2015 Denim Group – All Rights Reserved Blue team tactics - Configure tools properly - Malware detection, IPS, Log levels, etc - http://hackerhurricane.blogspot.com/ - http://www.slideshare.net/Hackerhurricane/windows- logging-cheat-sheet-v11 - Personnel resources - Skills and training
© 2015 Denim Group – All Rights Reserved Blue team tactics - Netflow / Packet Capture - Proper location - Tool to view and understand the flows - Use Cases - Unauth traffic from/to internet - (ftp, telnet, non-standard http(s)) - C2, Unexpected traffic - Sensitive information unencrypted - Unusual spikes in traffic - Internal server access - Internal detection of spread of malware
© 2015 Denim Group – All Rights Reserved Blue team tactics - SIEM - Remember Personnel requirements! - Central Log repository - Log correlation - Ease of Log search
© 2015 Denim Group – All Rights Reserved Blue team tactics - That pentest engagement is getting closer.
© 2015 Denim Group – All Rights Reserved Blue team tactics - CISO - Pentest is coming (black box, white box, grey box) - Incentives (awards, gear, etc)
© 2015 Denim Group – All Rights Reserved Blue team tactics - Be Confident
© 2015 Denim Group – All Rights Reserved Red team tactics - Defined: - Red Team vs Penetration test? - Scope - Social Engineering - Physical Testing - Man Power used - Collaboration needed - Exploits / havoc wreaked
© 2015 Denim Group – All Rights Reserved Red team tactics - Are we ready for full Red Team Assessment - Full scope, Physical, SE, all out attack - Nation State tactics
© 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - Team Player Attitude
© 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!!
© 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!!
© 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!!
© 2015 Denim Group – All Rights Reserved Red team tactics - Social Engineering - Are employees trained? Not CBT, not 1 Lunch and Learn. - Its no use, cant fix… - Blue team: We have firewall, AV.
© 2015 Denim Group – All Rights Reserved Red team tactics - Social Engineering
© 2015 Denim Group – All Rights Reserved Red team tactics - Social Engineering – Dave Kennedy - Destroying Education and Awareness - https://www.youtube.com/watch?v=ldvI12lpeEI - WebJacking in SET - http://www.restrictedintelligence.co.uk/
© 2015 Denim Group – All Rights Reserved Red team tactics - Full Scope.
© 2015 Denim Group – All Rights Reserved Purple Team tactics - Unprepared Blue Teams - Recommendation on Personnel - Training of Personnel(SANS, Books, podcasts, RSS) - Assistance with tools implementation (SIEM rules) - Retesting and verifying (segmentation, IPS/SIEM)
© 2015 Denim Group – All Rights Reserved Purple Team tactics - All Blue Teams - Adversary simulation (Rafa Mudge) - http://blog.cobaltstrike.com/2014/11/12/adversary-simulation- becomes-a-thing/ - Malleable C2 - Nation State simulation
© 2015 Denim Group – All Rights Reserved Purple Team tactics - Testing Scenarios - WAF - IPS/IDS - AV - Malware Detection - DLP - More… - What exists in your SOC: - Monitoring TEAM - Deployment/UpKeep/Configuration TEAM
© 2015 Denim Group – All Rights Reserved Purple Team tactics - SIEM Rules - Idea mentioned by Kevin Johnson @ BsidesATX - As a pentester, provide SIEM rules to blue teams - Any vendor - An idea, a possibility? - Purple Team Talk by Kevin Johnson and James Jardine - https://youtu.be/ARM2ArOw9sI
© 2015 Denim Group – All Rights Reserved Purple Team tactics - We Talked Logs/Events - Lets Talk Flows/packet analysis - Example from compromising a system: - Beacon - Setoolkit / Metasploit
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics
© 2015 Denim Group – All Rights Reserved Purple Team tactics - So what’s the point? - Bring the education - Work together and keep communication high - Blue and Red have to equally contribute - Don’t throw over the fence - Make reports beneficial - Remediation?
© 2015 Denim Group – All Rights Reserved Comments? Questions? Twitter: @beto_atx Email: acampa@denimgroup.com

Recommended

Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Christopher Korban
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesomeSumedt Jitpukdebodin
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc Cyber Threat Intelligence Network
 

Recommended

Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Christopher Korban
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesomeSumedt Jitpukdebodin
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc OSINT Social Media Techniques - Macau social mediat lc
OSINT Social Media Techniques - Macau social mediat lc Cyber Threat Intelligence Network
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?ITpreneurs
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
What You're Missing With Your Current WAF Provider
What You're Missing With Your Current WAF ProviderWhat You're Missing With Your Current WAF Provider
What You're Missing With Your Current WAF ProviderCloudflare
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013beltface
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsSecurity by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsAlienVault
 

More Related Content

What's hot

Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?ITpreneurs
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
What You're Missing With Your Current WAF Provider
What You're Missing With Your Current WAF ProviderWhat You're Missing With Your Current WAF Provider
What You're Missing With Your Current WAF ProviderCloudflare
 

What's hot (20)

Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CK
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
 
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guys
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have Changed
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
What You're Missing With Your Current WAF Provider
What You're Missing With Your Current WAF ProviderWhat You're Missing With Your Current WAF Provider
What You're Missing With Your Current WAF Provider
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 

Viewers also liked

Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013beltface
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsSecurity by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsAlienVault
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Chris Gates
 
Automation of Penetration Testing
Automation of Penetration TestingAutomation of Penetration Testing
Automation of Penetration TestingHaydn Johnson
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Chris Gates
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Red team, Blue Team or White Cell
Red team, Blue Team or White CellRed team, Blue Team or White Cell
Red team, Blue Team or White CellFrank Breedijk
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 

Viewers also liked (10)

Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsSecurity by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue Teams
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later
 
Empire Work shop
Empire Work shopEmpire Work shop
Empire Work shop
 
Purple View
Purple ViewPurple View
Purple View
 
Automation of Penetration Testing
Automation of Penetration TestingAutomation of Penetration Testing
Automation of Penetration Testing
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
Red team, Blue Team or White Cell
Red team, Blue Team or White CellRed team, Blue Team or White Cell
Red team, Blue Team or White Cell
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 

Similar to Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albert Campa, Denim Group

From an Experience of Vulnerability Reporting
From an Experience of Vulnerability ReportingFrom an Experience of Vulnerability Reporting
From an Experience of Vulnerability ReportingKaoru Maeda
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
 
ThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellDenim Group
 
When Content Meets Data, Big Things Happen - Peter Krmpotic, Adobe
When Content Meets Data, Big Things Happen - Peter Krmpotic, AdobeWhen Content Meets Data, Big Things Happen - Peter Krmpotic, Adobe
When Content Meets Data, Big Things Happen - Peter Krmpotic, AdobeNewsCred
 
SecDevOps: Development Tools for Security Pros
SecDevOps: Development Tools for Security ProsSecDevOps: Development Tools for Security Pros
SecDevOps: Development Tools for Security ProsDenim Group
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20Denim Group
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingGreg Foss
 
Structuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramDenim Group
 
Audit Manager -- Compliance made easy
Audit Manager -- Compliance made easyAudit Manager -- Compliance made easy
Audit Manager -- Compliance made easySolarwinds N-able
 
How secure are your customers.pptx
How secure are your customers.pptxHow secure are your customers.pptx
How secure are your customers.pptxSolarwinds N-able
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlSqrrl
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkKevin Fealey
 
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSecuring Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSAP Ariba
 
Incident Response and SAP Systems
Incident Response and SAP SystemsIncident Response and SAP Systems
Incident Response and SAP SystemsOnapsis Inc.
 
Bridging the gap between business and technology - Behaviour Driven Developme...
Bridging the gap between business and technology - Behaviour Driven Developme...Bridging the gap between business and technology - Behaviour Driven Developme...
Bridging the gap between business and technology - Behaviour Driven Developme...Eugenio Minardi
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringImperva
 
Drupal for Big Data - is it ready? (European Drupal Days 2015)
Drupal for Big Data - is it ready? (European Drupal Days 2015)Drupal for Big Data - is it ready? (European Drupal Days 2015)
Drupal for Big Data - is it ready? (European Drupal Days 2015)Eugenio Minardi
 
Privileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesPrivileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesTrish McGinity, CCSK
 
attune SAP Fashion Management (SAP FMS) webinar slides
attune SAP Fashion Management (SAP FMS) webinar slidesattune SAP Fashion Management (SAP FMS) webinar slides
attune SAP Fashion Management (SAP FMS) webinar slidesattune Consulting
 

Similar to Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albert Campa, Denim Group (20)

From an Experience of Vulnerability Reporting
From an Experience of Vulnerability ReportingFrom an Experience of Vulnerability Reporting
From an Experience of Vulnerability Reporting
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
 
ThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan Cornell
 
When Content Meets Data, Big Things Happen - Peter Krmpotic, Adobe
When Content Meets Data, Big Things Happen - Peter Krmpotic, AdobeWhen Content Meets Data, Big Things Happen - Peter Krmpotic, Adobe
When Content Meets Data, Big Things Happen - Peter Krmpotic, Adobe
 
SecDevOps: Development Tools for Security Pros
SecDevOps: Development Tools for Security ProsSecDevOps: Development Tools for Security Pros
SecDevOps: Development Tools for Security Pros
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture Training
 
Structuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security Program
 
Audit Manager -- Compliance made easy
Audit Manager -- Compliance made easyAudit Manager -- Compliance made easy
Audit Manager -- Compliance made easy
 
How secure are your customers.pptx
How secure are your customers.pptxHow secure are your customers.pptx
How secure are your customers.pptx
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity FrameworkAchieving Visible Security at Scale with the NIST Cybersecurity Framework
Achieving Visible Security at Scale with the NIST Cybersecurity Framework
 
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and YouSecuring Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and You
 
Incident Response and SAP Systems
Incident Response and SAP SystemsIncident Response and SAP Systems
Incident Response and SAP Systems
 
Bridging the gap between business and technology - Behaviour Driven Developme...
Bridging the gap between business and technology - Behaviour Driven Developme...Bridging the gap between business and technology - Behaviour Driven Developme...
Bridging the gap between business and technology - Behaviour Driven Developme...
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
 
Drupal for Big Data - is it ready? (European Drupal Days 2015)
Drupal for Big Data - is it ready? (European Drupal Days 2015)Drupal for Big Data - is it ready? (European Drupal Days 2015)
Drupal for Big Data - is it ready? (European Drupal Days 2015)
 
Privileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesPrivileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA Technologies
 
attune SAP Fashion Management (SAP FMS) webinar slides
attune SAP Fashion Management (SAP FMS) webinar slidesattune SAP Fashion Management (SAP FMS) webinar slides
attune SAP Fashion Management (SAP FMS) webinar slides
 

More from Denim Group

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4JDenim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Denim Group
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Denim Group
 

More from Denim Group (20)

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4J
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFix
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albert Campa, Denim Group

  • 1. © 2015 Denim Group – All Rights Reserved Cyber Purple Teaming: Uniting Blue and Red Teams Don’t forget Advanced Cyber
  • 2. © 2015 Denim Group – All Rights Reserved Introduction: - Security Consultant - Brazilian JiuJitsu practitioner - Defender of networks - Firewall admin - Linux guy - Soccer player/fan - Windows guy - Air Force guy
  • 3. © 2015 Denim Group – All Rights Reserved Points to discuss: - Blue team preparations – Get ready defenders! - Not ready for pentest? Get ready! - Log all things! Educate all things! - Red team tactics – Hack with love! - The scope question – Hack all things! - Social Engineering – Assess, train, assess! - Team communication - Wolf! Man on! Watch out! - Putting it all together – fine tuning
  • 4. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 5. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 6. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 7. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 8. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 9. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 10. © 2015 Denim Group – All Rights Reserved Red Team vs Blue Team:
  • 11. © 2015 Denim Group – All Rights Reserved Blue team tactics - Brace yourself
  • 12. © 2015 Denim Group – All Rights Reserved Blue team tactics - Security Fundamentals
  • 13. © 2015 Denim Group – All Rights Reserved Blue team tactics - Security Fundamentals - Patch management - Locked down DMZ firewall and servers. - Proper segmentation - Vulnerability scanning - Monitoring - Security Awareness Training (Web based CBT?) - Skills (Be a sysadmin)
  • 14. © 2015 Denim Group – All Rights Reserved Blue team tactics - Internal Assessments - Vulnerability scanning (minimum) - Internal pentesting (resources needed) - System hardening / Compliance scans - Patch management program - VA data to patch cycle
  • 15. © 2015 Denim Group – All Rights Reserved Blue team tactics - Logs, Logs and more logs - Firewall, IPS, Servers, network devices, etc.
  • 16. © 2015 Denim Group – All Rights Reserved Blue team tactics - Configure tools properly - Malware detection, IPS, Log levels, etc - http://hackerhurricane.blogspot.com/ - http://www.slideshare.net/Hackerhurricane/windows- logging-cheat-sheet-v11 - Personnel resources - Skills and training
  • 17. © 2015 Denim Group – All Rights Reserved Blue team tactics - Netflow / Packet Capture - Proper location - Tool to view and understand the flows - Use Cases - Unauth traffic from/to internet - (ftp, telnet, non-standard http(s)) - C2, Unexpected traffic - Sensitive information unencrypted - Unusual spikes in traffic - Internal server access - Internal detection of spread of malware
  • 18. © 2015 Denim Group – All Rights Reserved Blue team tactics - SIEM - Remember Personnel requirements! - Central Log repository - Log correlation - Ease of Log search
  • 19. © 2015 Denim Group – All Rights Reserved Blue team tactics - That pentest engagement is getting closer.
  • 20. © 2015 Denim Group – All Rights Reserved Blue team tactics - CISO - Pentest is coming (black box, white box, grey box) - Incentives (awards, gear, etc)
  • 21. © 2015 Denim Group – All Rights Reserved Blue team tactics - Be Confident
  • 22. © 2015 Denim Group – All Rights Reserved Red team tactics - Defined: - Red Team vs Penetration test? - Scope - Social Engineering - Physical Testing - Man Power used - Collaboration needed - Exploits / havoc wreaked
  • 23. © 2015 Denim Group – All Rights Reserved Red team tactics - Are we ready for full Red Team Assessment - Full scope, Physical, SE, all out attack - Nation State tactics
  • 24. © 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - Team Player Attitude
  • 25. © 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!!
  • 26. © 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!!
  • 27. © 2015 Denim Group – All Rights Reserved Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!!
  • 28. © 2015 Denim Group – All Rights Reserved Red team tactics - Social Engineering - Are employees trained? Not CBT, not 1 Lunch and Learn. - Its no use, cant fix… - Blue team: We have firewall, AV.
  • 29. © 2015 Denim Group – All Rights Reserved Red team tactics - Social Engineering
  • 30. © 2015 Denim Group – All Rights Reserved Red team tactics - Social Engineering – Dave Kennedy - Destroying Education and Awareness - https://www.youtube.com/watch?v=ldvI12lpeEI - WebJacking in SET - http://www.restrictedintelligence.co.uk/
  • 31. © 2015 Denim Group – All Rights Reserved Red team tactics - Full Scope.
  • 32. © 2015 Denim Group – All Rights Reserved Purple Team tactics - Unprepared Blue Teams - Recommendation on Personnel - Training of Personnel(SANS, Books, podcasts, RSS) - Assistance with tools implementation (SIEM rules) - Retesting and verifying (segmentation, IPS/SIEM)
  • 33. © 2015 Denim Group – All Rights Reserved Purple Team tactics - All Blue Teams - Adversary simulation (Rafa Mudge) - http://blog.cobaltstrike.com/2014/11/12/adversary-simulation- becomes-a-thing/ - Malleable C2 - Nation State simulation
  • 34. © 2015 Denim Group – All Rights Reserved Purple Team tactics - Testing Scenarios - WAF - IPS/IDS - AV - Malware Detection - DLP - More… - What exists in your SOC: - Monitoring TEAM - Deployment/UpKeep/Configuration TEAM
  • 35. © 2015 Denim Group – All Rights Reserved Purple Team tactics - SIEM Rules - Idea mentioned by Kevin Johnson @ BsidesATX - As a pentester, provide SIEM rules to blue teams - Any vendor - An idea, a possibility? - Purple Team Talk by Kevin Johnson and James Jardine - https://youtu.be/ARM2ArOw9sI
  • 36. © 2015 Denim Group – All Rights Reserved Purple Team tactics - We Talked Logs/Events - Lets Talk Flows/packet analysis - Example from compromising a system: - Beacon - Setoolkit / Metasploit
  • 37. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 38. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 39. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 40. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 41. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 42. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 43. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 44. © 2015 Denim Group – All Rights Reserved Purple Team tactics
  • 45. © 2015 Denim Group – All Rights Reserved Purple Team tactics - So what’s the point? - Bring the education - Work together and keep communication high - Blue and Red have to equally contribute - Don’t throw over the fence - Make reports beneficial - Remediation?
  • 46. © 2015 Denim Group – All Rights Reserved Comments? Questions? Twitter: @beto_atx Email: acampa@denimgroup.com