
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albert Campa, Denim Group

You’ve heard of black, white, and gray box testing? Adding to the security color spectrum, Red Teams (pen testers) working together with Blue Teams (defenders) can improve organizational security and get the most out of security assessments. This talk discusses both general and specific concepts and techniques for improving penetration tests through coordination with internal security teams. It covers high-level topics, such as knowing what type of assessment your organization needs, down to more detailed technical concepts, such as detecting attack traffic and coordinating with red team attacks. If your internal security team isn't ready for a pentest, let's discuss the steps to get the team prepared and ready to take full advantage of full-scope penetration tests. From a pentester's perspective, we discuss the types of testing that are most beneficial to your clients and how to communicate and perform testing activities in conjunction with blue teams. We also talk about ways to assist the teams with remediation from a third-party point of view.

Three key points the audience will take away:
· Pen testing techniques for working with internal security
· Internal security techniques for detecting attacks
· Concepts for performing the best type of pen test for your customers



  1. © 2015 Denim Group – All Rights Reserved
     Cyber Purple Teaming: Uniting Blue and Red Teams
     Don’t forget Advanced Cyber
  2. Introduction:
     - Security Consultant
     - Brazilian Jiu-Jitsu practitioner
     - Defender of networks
     - Firewall admin
     - Linux guy
     - Soccer player/fan
     - Windows guy
     - Air Force guy
  3. Points to discuss:
     - Blue team preparations – Get ready, defenders!
     - Not ready for a pentest? Get ready!
     - Log all the things! Educate all the things!
     - Red team tactics – Hack with love!
     - The scope question – Hack all the things!
     - Social Engineering – Assess, train, assess!
     - Team communication – Wolf! Man on! Watch out!
     - Putting it all together – Fine tuning
  4-10. Red Team vs Blue Team: (image slides, title only)
  11. Blue team tactics - Brace yourself
  12. Blue team tactics - Security Fundamentals
  13. Blue team tactics - Security Fundamentals
     - Patch management
     - Locked-down DMZ firewall and servers
     - Proper segmentation
     - Vulnerability scanning
     - Monitoring
     - Security Awareness Training (web-based CBT?)
     - Skills (be a sysadmin)
  14. Blue team tactics - Internal Assessments
     - Vulnerability scanning (minimum)
     - Internal pentesting (resources needed)
     - System hardening / compliance scans
     - Patch management program
     - Feed VA (vulnerability assessment) data into the patch cycle
  15. Blue team tactics - Logs, logs and more logs
     - Firewall, IPS, servers, network devices, etc.
  16. Blue team tactics - Configure tools properly
     - Malware detection, IPS, log levels, etc.
     - http://hackerhurricane.blogspot.com/
     - http://www.slideshare.net/Hackerhurricane/windows-logging-cheat-sheet-v11
     - Personnel resources
     - Skills and training
  17. Blue team tactics - Netflow / Packet Capture
     - Proper location
     - Tool to view and understand the flows
     - Use cases:
       - Unauthorized traffic from/to the internet (ftp, telnet, non-standard http(s))
       - C2, unexpected traffic
       - Sensitive information sent unencrypted
       - Unusual spikes in traffic
       - Internal server access
       - Internal detection of malware spreading
  18. Blue team tactics - SIEM
     - Remember personnel requirements!
     - Central log repository
     - Log correlation
     - Ease of log search
  19. Blue team tactics - That pentest engagement is getting closer.
  20. Blue team tactics - CISO
     - Pentest is coming (black box, white box, grey box)
     - Incentives (awards, gear, etc.)
  21. Blue team tactics - Be confident
  22. Red team tactics - Defined:
     - Red Team vs Penetration test?
     - Scope
     - Social Engineering
     - Physical testing
     - Man power used
     - Collaboration needed
     - Exploits / havoc wreaked
  23. Red team tactics - Are we ready for a full Red Team assessment?
     - Full scope, physical, SE, all-out attack
     - Nation-state tactics
  24. Red team tactics – Hack with love!
     - Team player attitude
  25-27. Red team tactics – Hack with love! - OOOOOOOOOOOOHH Day!!!! (image slides, title only)
  28. Red team tactics - Social Engineering
     - Are employees trained? Not CBT, not one lunch-and-learn.
     - "It's no use, can't fix…"
     - Blue team: "We have a firewall, AV."
  29. Red team tactics - Social Engineering (title only)
  30. Red team tactics - Social Engineering – Dave Kennedy
     - Destroying Education and Awareness - https://www.youtube.com/watch?v=ldvI12lpeEI
     - WebJacking in SET
     - http://www.restrictedintelligence.co.uk/
  31. Red team tactics - Full scope.
  32. Purple Team tactics - Unprepared Blue Teams
     - Recommendation on personnel
     - Training of personnel (SANS, books, podcasts, RSS)
     - Assistance with tools implementation (SIEM rules)
     - Retesting and verifying (segmentation, IPS/SIEM)
  33. Purple Team tactics - All Blue Teams
     - Adversary simulation (Raphael Mudge) - http://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/
     - Malleable C2
     - Nation-state simulation
  34. Purple Team tactics - Testing Scenarios
     - WAF
     - IPS/IDS
     - AV
     - Malware detection
     - DLP
     - More…
     - What exists in your SOC:
       - Monitoring TEAM
       - Deployment/Upkeep/Configuration TEAM
  35. Purple Team tactics - SIEM Rules
     - Idea mentioned by Kevin Johnson @ BSidesATX
     - As a pentester, provide SIEM rules to blue teams
     - Any vendor
     - An idea, a possibility?
     - Purple Team talk by Kevin Johnson and James Jardine - https://youtu.be/ARM2ArOw9sI
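As an added example of the "pentester provides SIEM rules" idea on slide 35 (this is not code from the talk or from Denim Group), here are two vendor-neutral correlation rules written as plain Python over constructed Windows Security events. A tester who got in by password spraying and then moved laterally with the captured account can hand the blue team exactly this logic, to be ported into whatever SIEM they run. The event field names (ts, event_id, user, src, host, logon_type) are a simplified assumption modelled on events 4624/4625, and all sample events and addresses are constructed.

```python
"""Vendor-neutral SIEM correlation rules a pentester could hand to the blue
team after an engagement. All events below are constructed for this example;
field names loosely follow Windows Security events 4624/4625 and are an
assumption, not a real log format."""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def ev(ts, event_id, user, src, host, logon_type):
    return {"ts": ts, "event_id": event_id, "user": user,
            "src": src, "host": host, "logon_type": logon_type}


# Constructed sample events (not real logs). Times are UTC, ISO 8601.
SAMPLE_EVENTS = (
    # Password spray: one source fails against 12 accounts, then logs in.
    [ev(f"2015-06-01T10:00:{i:02d}", 4625, f"user{i:02d}", "10.0.5.23", "DC01", 3)
     for i in range(12)]
    + [ev("2015-06-01T10:00:30", 4624, "jsmith", "10.0.5.23", "DC01", 3)]
    # Benign: an admin mistypes once, then logs in interactively.
    + [ev("2015-06-01T11:00:00", 4625, "admin", "10.0.9.7", "FS01", 2),
       ev("2015-06-01T11:00:05", 4624, "admin", "10.0.9.7", "FS01", 2)]
    # Lateral movement: the same source reaches 8 workstations in 35 seconds.
    + [ev(f"2015-06-01T12:00:{i * 5:02d}", 4624, "svc_backup", "10.0.5.23", f"WS{i:02d}", 3)
       for i in range(8)]
)


def rule_password_spray(events, window=timedelta(minutes=5), min_accounts=10):
    """Alert when a source fails against >= min_accounts distinct users inside
    `window` and then gets a 4624. A single user failing many times is a
    brute force, not a spray, and is deliberately not matched here."""
    alerts = []
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["event_id"] != 4624:
                continue
            t = parse_ts(e["ts"])
            failed_users = {f["user"] for f in evs[:i]
                            if f["event_id"] == 4625
                            and t - parse_ts(f["ts"]) <= window}
            if len(failed_users) >= min_accounts:
                alerts.append({"rule": "password_spray", "src": src, "ts": e["ts"],
                               "accounts_tried": len(failed_users),
                               "success_user": e["user"]})
    return alerts


def rule_lateral_movement(events, window=timedelta(minutes=2), min_hosts=5):
    """Alert when one source completes network logons (type 3) to >= min_hosts
    distinct hosts within `window`. Interactive logons (type 2) are ignored."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e["logon_type"] == 3:
            by_src[e["src"]].append((parse_ts(e["ts"]), e["host"]))
    for src, items in by_src.items():
        items.sort()
        for t, _ in items:
            hosts = {h for t2, h in items if t <= t2 <= t + window}
            if len(hosts) >= min_hosts:
                alerts.append({"rule": "lateral_movement", "src": src,
                               "ts": t.isoformat(), "hosts": sorted(hosts)})
                break  # one alert per source per run is enough to page on
    return alerts


def run_rules(events):
    return rule_password_spray(events) + rule_lateral_movement(events)


if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(a)
```

The thresholds (10 accounts in 5 minutes, 5 hosts in 2 minutes) are the tunable part and are where the purple-team conversation happens: the red team knows what rate it actually used, the blue team knows what the environment's normal looks like, and the rule should be retested (slide 32) after it is loaded into the SIEM.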
  36. Purple Team tactics - We talked logs/events; let's talk flows/packet analysis
     - Example from compromising a system:
       - Beacon
       - Setoolkit / Metasploit
  37-44. Purple Team tactics (image slides, title only)
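The flow analysis of slide 36 (a beacon from a SET/Metasploit-style payload) and the NetFlow use cases of slide 17 (ftp, telnet and non-standard ports leaving the network, C2 traffic), as one added example that is not from the talk: constructed flow records, a beacon detector based on how regular the inter-arrival times are, and a port-policy check. The addresses, ports, the 60-second check-in period and the egress allow-list are assumptions.

```python
"""Flow-based detections for the purple-team exercise: a beacon from a
SET/Metasploit-style payload, and traffic that policy says never leaves the
network. Flow records are constructed for this example and use a simplified
NetFlow-v5-like layout; the addresses, ports and 60-second period are
assumptions, not values from the talk."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL_NETS = [ip_network("10.0.0.0/8")]
BANNED_OUTBOUND = {21: "ftp", 23: "telnet"}
# Ports the (assumed) egress policy permits from clients to the internet.
ALLOWED_OUTBOUND = {80, 443, 8080, 8443, 22, 25, 53, 123}


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def flow(ts, src, dst, dport, nbytes):
    return {"ts": ts, "src": src, "dst": dst, "dport": dport, "proto": "tcp", "bytes": nbytes}


T0 = datetime(2015, 6, 1, 9, 0, 0)
SAMPLE_FLOWS = (
    # Implant checking in every 60 s on an "allowed" web port.
    [flow(T0 + timedelta(seconds=60 * i), "10.0.7.15", "203.0.113.50", 8443, 420)
     for i in range(20)]
    # Ordinary browsing: bursty, irregular gaps, variable sizes.
    + [flow(T0 + timedelta(seconds=s), "10.0.7.16", "198.51.100.20", 443, b)
       for s, b in [(0, 15000), (7, 2200), (31, 90000), (45, 300), (120, 41000),
                    (131, 5000), (300, 7000), (303, 1200), (420, 66000), (900, 300)]]
    # FTP to the internet, telnet to an internal device, and an odd port.
    + [flow(T0 + timedelta(minutes=3), "10.0.7.20", "198.51.100.99", 21, 9000),
       flow(T0 + timedelta(minutes=4), "10.0.7.21", "10.0.1.5", 23, 900),
       flow(T0 + timedelta(minutes=5), "10.0.7.22", "203.0.113.7", 4444, 3000)]
)


def outbound(flows):
    return [f for f in flows if is_internal(f["src"]) and not is_internal(f["dst"])]


def find_beacons(flows, min_flows=10, max_cv=0.1):
    """Group outbound flows by (src, dst, dport) and flag groups whose
    inter-arrival times are nearly constant: coefficient of variation
    (stdev / mean of the gaps) at or below max_cv. A Malleable C2 profile
    with jitter pushes the CV up; widen max_cv, at the cost of more noise,
    if the red team is simulating that."""
    groups = defaultdict(list)
    for f in outbound(flows):
        groups[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    hits = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        cv = pstdev(gaps) / period if period else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport, "count": len(times),
                         "period_s": round(period, 1), "cv": round(cv, 3)})
    return hits


def policy_violations(flows):
    """Outbound flows on protocols that should never leave the network, plus
    anything on a port outside the egress allow-list. Port-based only: the
    8443 beacon above passes this check and is only caught by timing."""
    out = []
    for f in outbound(flows):
        if f["dport"] in BANNED_OUTBOUND:
            out.append({**f, "reason": f"{BANNED_OUTBOUND[f['dport']]} to internet"})
        elif f["dport"] not in ALLOWED_OUTBOUND:
            out.append({**f, "reason": "non-standard port to internet"})
    return out


if __name__ == "__main__":
    for h in find_beacons(SAMPLE_FLOWS):
        print("BEACON", h)
    for v in policy_violations(SAMPLE_FLOWS):
        print("POLICY", v["src"], "->", v["dst"], v["dport"], v["reason"])
```

Two things this shows that the slide list alone does not: the beacon on 8443 looks like permitted HTTPS to a port-based policy and is only visible because its check-ins are metronomic, and the internal telnet flow is not a violation of an egress rule even though slide 17 would still want it looked at under "internal server access". Run it against the flows captured during the red team's beacon test and the blue team can see whether their collector location (slide 17, "proper location") even saw the traffic.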
  45. Purple Team tactics - So what's the point?
     - Bring the education
     - Work together and keep communication high
     - Blue and Red have to contribute equally
     - Don't throw it over the fence
     - Make reports beneficial
     - Remediation?
  46. Comments? Questions?
     Twitter: @beto_atx
     Email: acampa@denimgroup.com
