© 2015 Denim Group – All Rights Reserved
Cyber Purple Teaming: Uniting
Blue and Red Teams
Don’t forget Advanced Cyber
Introduction:
- Security Consultant
- Brazilian Jiu-Jitsu practitioner
- Defender of networks
- Firewall admin
- Linux guy
- Soccer player/fan
- Windows guy
- Air Force guy
Points to discuss:
- Blue team preparations – Get ready defenders!
- Not ready for pentest? Get ready!
- Log all things! Educate all things!
- Red team tactics – Hack with love!
- The scope question – Hack all things!
- Social Engineering – Assess, train, assess!
- Team communication
- Wolf! Man on! Watch out!
- Putting it all together – fine tuning
Red Team vs Blue Team:
Blue team tactics
- Brace yourself
Blue team tactics
- Security Fundamentals
- Patch management
- Locked down DMZ firewall and servers.
- Proper segmentation
- Vulnerability scanning
- Monitoring
- Security Awareness Training (Web based CBT?)
- Skills (Be a sysadmin)
Blue team tactics
- Internal Assessments
- Vulnerability scanning (minimum)
- Internal pentesting (resources needed)
- System hardening / Compliance scans
- Patch management program
- Feed vulnerability assessment (VA) data into the patch cycle
Blue team tactics
- Logs, Logs and more logs
- Firewall, IPS, Servers, network devices, etc.
Blue team tactics
- Configure tools properly
- Malware detection, IPS, Log levels, etc
- http://hackerhurricane.blogspot.com/
- http://www.slideshare.net/Hackerhurricane/windows-logging-cheat-sheet-v11
- Personnel resources
- Skills and training
Blue team tactics
- Netflow / Packet Capture
- Proper location
- Tool to view and understand the flows
- Use Cases
- Unauth traffic from/to internet
- (ftp, telnet, non-standard http(s))
- C2, Unexpected traffic
- Sensitive information unencrypted
- Unusual spikes in traffic
- Internal server access
- Internal detection of spread of malware
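The flow use cases above can be turned into code before the SIEM has a rule for them. The following is an added example, not code from the original slides: it evaluates three of the listed cases (cleartext protocols leaving the network, outbound connections on ports the egress policy does not allow, and one internal host fanning out to many peers on a lateral-movement port) against constructed NetFlow-style records. The internal ranges, port lists, the fan-out threshold and the sample flows are all assumptions for the demo.

```python
"""Flow use-case checks over constructed NetFlow-style records.

Added example, not from the original slides. The address ranges, port
allow-lists, thresholds and the sample flows are assumptions for the demo.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal ranges; a real deployment reads these from the asset inventory.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Cleartext protocols that should never leave the network (use case: unauth traffic to internet).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}
# Ports the egress firewall is supposed to allow; anything else outbound is "non-standard".
ALLOWED_EGRESS = {53, 80, 443}
# Ports used for host-to-host spread inside the network (use case: internal spread of malware).
LATERAL_PORTS = {135, 445, 3389}


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze_flows(flows, fanout_threshold: int = 5) -> dict:
    """flows: iterable of (src_ip, dst_ip, dst_port, proto, bytes).

    Returns one list of findings per use case. Flows are unidirectional
    client->server records, as an exporter emits them for the initiating side.
    """
    findings = {"cleartext_egress": [], "nonstandard_egress": [], "internal_fanout": []}
    fanout = defaultdict(set)  # (src, dst_port) -> distinct internal destinations

    for src, dst, dport, proto, _nbytes in flows:
        src_in, dst_in = is_internal(src), is_internal(dst)
        if src_in and not dst_in:                      # outbound to the internet
            if dport in CLEARTEXT_PORTS:
                findings["cleartext_egress"].append((src, dst, dport, CLEARTEXT_PORTS[dport]))
            elif proto == "tcp" and dport not in ALLOWED_EGRESS:
                findings["nonstandard_egress"].append((src, dst, dport))
        elif src_in and dst_in and dport in LATERAL_PORTS:   # internal server access
            fanout[(src, dport)].add(dst)

    # One host touching the same admin/file-sharing port on many peers is the
    # flow-level signature of a worm or of an operator moving laterally.
    for (src, dport), dsts in sorted(fanout.items()):
        if len(dsts) >= fanout_threshold:
            findings["internal_fanout"].append((src, dport, len(dsts)))
    return findings


def sample_flows():
    """Constructed records: two normal web flows, ftp and telnet leaving the
    network, one outbound connection on an odd port, and one host fanning out
    over SMB to six neighbours."""
    smb = [("10.1.3.7", f"10.1.3.{n}", 445, "tcp", 50_000) for n in range(8, 14)]
    return [
        ("10.1.1.5", "93.184.216.34", 443, "tcp", 1_200),
        ("10.1.1.5", "93.184.216.34", 80, "tcp", 900),
        ("10.1.1.9", "198.51.100.7", 21, "tcp", 300),
        ("10.1.2.3", "203.0.113.9", 23, "tcp", 150),
        ("10.1.2.3", "203.0.113.9", 8081, "tcp", 5_000),
    ] + smb


if __name__ == "__main__":
    for use_case, hits in analyze_flows(sample_flows()).items():
        print(use_case, hits)
```

The fan-out rule is the one worth tuning first: file servers and vulnerability scanners legitimately touch many hosts on 445, so exclude them by source address or the rule will page on every scan window.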
Blue team tactics
- SIEM
- Remember Personnel requirements!
- Central Log repository
- Log correlation
- Ease of Log search
Blue team tactics
- That pentest engagement is getting closer.
Blue team tactics
- CISO
- Pentest is coming (black box, white box, grey box)
- Incentives (awards, gear, etc)
Blue team tactics
- Be Confident
Red team tactics
- Defined:
- Red Team vs Penetration test?
- Scope
- Social Engineering
- Physical Testing
- Manpower used
- Collaboration needed
- Exploits / havoc wreaked
Red team tactics
- Are we ready for a full Red Team assessment?
- Full scope, Physical, SE, all out attack
- Nation State tactics
Red team tactics – Hack with love!
- Team Player Attitude
Red team tactics – Hack with love!
- OOOOOOOOOOOOHH Day!!!!
Red team tactics
- Social Engineering
- Are employees trained? Not CBT, not 1 Lunch and Learn.
- It's no use, can't fix…
- Blue team: We have firewall, AV.
Red team tactics
- Social Engineering – Dave Kennedy
- Destroying Education and Awareness
- https://www.youtube.com/watch?v=ldvI12lpeEI
- WebJacking in SET
- http://www.restrictedintelligence.co.uk/
Red team tactics
- Full Scope.
Purple Team tactics
- Unprepared Blue Teams
- Recommendation on Personnel
- Training of personnel (SANS, books, podcasts, RSS)
- Assistance with tools implementation (SIEM rules)
- Retesting and verifying (segmentation, IPS/SIEM)
Purple Team tactics
- All Blue Teams
- Adversary simulation (Raphael Mudge)
- http://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/
- Malleable C2
- Nation State simulation
Purple Team tactics
- Testing Scenarios
- WAF
- IPS/IDS
- AV
- Malware Detection
- DLP
- More…
- What exists in your SOC:
- Monitoring TEAM
- Deployment/Upkeep/Configuration TEAM
Purple Team tactics
- SIEM Rules
- Idea mentioned by Kevin Johnson @ BsidesATX
- As a pentester, provide SIEM rules to blue teams
- Any vendor
- An idea, a possibility?
- Purple Team Talk by Kevin Johnson and James Jardine
- https://youtu.be/ARM2ArOw9sI
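What a pentester-supplied SIEM rule can look like, as an added example rather than anything from the original slides or from the talks linked above: the tester knows exactly which technique worked (here a password spray against Windows accounts, visible as Event ID 4625 failures from one source across many accounts, followed by a 4624 success), so the hand-off is the correlation logic itself, written in plain code that the SIEM engineer can transcribe into whichever vendor's rule language is in use. The event field names, the sample events, the window and the account threshold are assumptions for the demo.

```python
"""Password-spray correlation rule expressed as code a pentester can hand to the
blue team and the SIEM engineer can transcribe into the vendor's rule language.

Added example, not from the original slides. Event field names and the sample
events are constructed; the window and account thresholds are assumptions.
"""
from collections import defaultdict, deque

SPRAY_WINDOW = 300      # seconds of history kept per source address
SPRAY_ACCOUNTS = 5      # distinct accounts failed from one source inside the window


def detect_password_spray(events, window=SPRAY_WINDOW, min_accounts=SPRAY_ACCOUNTS):
    """events: dicts with ts (epoch seconds), event_id (4625 failure / 4624 success),
    account, src_ip. Returns a list of (rule, src_ip, detail) findings.

    Rule 1: one src_ip fails logon against >= min_accounts distinct accounts within
            window seconds -> 'password_spray'
    Rule 2: a success (4624) from a source already flagged, inside the window after
            the spray fired -> 'spray_success' (the finding the SOC must page on)
    """
    recent = defaultdict(deque)   # src_ip -> (ts, account) failures still inside the window
    sprayed_at = {}               # src_ip -> ts the spray rule first fired
    findings = []

    for e in sorted(events, key=lambda e: e["ts"]):
        src, ts = e["src_ip"], e["ts"]
        q = recent[src]
        while q and ts - q[0][0] > window:   # slide the window forward
            q.popleft()

        if e["event_id"] == 4625:
            q.append((ts, e["account"]))
            accounts = {acct for _, acct in q}
            if len(accounts) >= min_accounts and src not in sprayed_at:
                sprayed_at[src] = ts
                findings.append(("password_spray", src, sorted(accounts)))
        elif e["event_id"] == 4624 and src in sprayed_at and ts - sprayed_at[src] <= window:
            findings.append(("spray_success", src, e["account"]))
    return findings


def sample_events():
    """Constructed Security-log extracts. 192.0.2.10 walks six accounts with one
    password and lands on frank; 10.1.1.5 is a user mistyping their own password;
    192.0.2.99 fails on three accounts only and stays below the threshold."""
    def ev(ts, event_id, account, src_ip):
        return {"ts": ts, "event_id": event_id, "account": account, "src_ip": src_ip}
    spray = [ev(100 + 10 * i, 4625, acct, "192.0.2.10")
             for i, acct in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    return spray + [
        ev(160, 4624, "frank", "192.0.2.10"),   # the guess that worked
        ev(105, 4625, "alice", "10.1.1.5"),
        ev(107, 4625, "alice", "10.1.1.5"),
        ev(109, 4624, "alice", "10.1.1.5"),
        ev(400, 4625, "alice", "192.0.2.99"),
        ev(405, 4625, "bob", "192.0.2.99"),
        ev(410, 4625, "carol", "192.0.2.99"),
    ]


if __name__ == "__main__":
    for rule, src, detail in detect_password_spray(sample_events()):
        print(rule, src, detail)
```

Two details matter when transcribing this into a real SIEM: the source address comes from the "Source Network Address" field of 4625/4624 on the domain controllers (so DC Security logs must be collected, which is what the logging cheat sheet above is about), and the distinct-account count, not the raw failure count, is what separates a spray from one user's typos.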
Purple Team tactics
- We Talked Logs/Events
- Let's talk flows/packet analysis
- Example from compromising a system:
- Beacon
- Setoolkit / Metasploit
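The flow-level signature of a beacon is regularity: an implant that checks in on a fixed sleep, even with jitter, produces inter-arrival times far more uniform than a person browsing. The following is an added example, not code from the original slides or from any of the tools named above: it groups connections by (source, destination, port), computes the coefficient of variation of the gaps between check-ins, and flags pairs that are both frequent enough to judge and too regular to be human. The connection records, the 60-second sleep with about 10% jitter, and the thresholds are constructed for the demo.

```python
"""Beacon detection from connection timestamps.

Added example, not from the original slides; the connection records, the
sleep/jitter values and the thresholds are constructed for the demo.
"""
import statistics
from collections import defaultdict


def inter_arrival(times):
    ts = sorted(times)
    return [b - a for a, b in zip(ts, ts[1:])]


def beacon_score(times, min_samples=8):
    """Coefficient of variation of the gaps: near 0 for a metronome, above 1 for a human."""
    gaps = inter_arrival(times)
    if len(gaps) < min_samples:
        return None          # too few check-ins to say anything
    mean = statistics.mean(gaps)
    if mean <= 0:
        return None
    return {"interval": mean, "cv": statistics.pstdev(gaps) / mean, "samples": len(gaps)}


def find_beacons(connections, max_cv=0.2, min_samples=8):
    """connections: (ts, src_ip, dst_ip, dst_port) tuples.
    Returns flagged ((src, dst, port), mean_interval_s, cv) tuples."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in connections:
        by_pair[(src, dst, dport)].append(ts)
    hits = []
    for key, times in sorted(by_pair.items()):
        score = beacon_score(times, min_samples)
        if score and score["cv"] <= max_cv:
            hits.append((key, round(score["interval"], 1), round(score["cv"], 3)))
    return hits


def _from_gaps(start, gaps):
    ts, out = start, [start]
    for g in gaps:
        ts += g
        out.append(ts)
    return out


def sample_connections():
    """Constructed: a 60 s sleep with ~10% jitter to one host on 443, a user
    browsing another host on 443, and a host seen only three times."""
    implant = _from_gaps(1_000, [60, 64, 57, 66, 55, 62, 54, 65, 58, 63])
    browsing = _from_gaps(1_000, [3, 120, 7, 900, 45, 2, 300, 15, 60, 1_800])
    rare = _from_gaps(1_000, [30, 30])
    conns = [(t, "10.1.1.5", "203.0.113.50", 443) for t in implant]
    conns += [(t, "10.1.1.6", "93.184.216.34", 443) for t in browsing]
    conns += [(t, "10.1.1.7", "198.51.100.20", 443) for t in rare]
    return conns


if __name__ == "__main__":
    for key, interval, cv in find_beacons(sample_connections()):
        print(key, f"every {interval}s, cv={cv}")
```

A 10% jitter lands around cv 0.07, so a max_cv of 0.2 still catches it; an operator who raises the jitter and lengthens the sleep pushes the cv up and the sample count down, which is why the rule needs a long capture window rather than a lower threshold. Legitimate periodic traffic (NTP, update checks, monitoring agents) scores the same way, so pair the regularity check with per-destination allow-listing and with the byte counts per check-in.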
Purple Team tactics
- So what’s the point?
- Bring the education
- Work together and keep communication high
- Blue and Red have to equally contribute
- Don’t throw over the fence
- Make reports beneficial
- Remediation?
Comments? Questions?
Twitter: @beto_atx
Email: acampa@denimgroup.com

Application Asset Management with ThreadFix
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
 AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...
 

Recently uploaded

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfROWELL MARQUINA
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 

Recently uploaded (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 

Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albert Campa, Denim Group

• 1. © 2015 Denim Group – All Rights Reserved
  Cyber Purple Teaming: Uniting Blue and Red Teams
  Don’t forget Advanced Cyber
• 2. Introduction:
  - Security Consultant
  - Brazilian JiuJitsu practitioner
  - Defender of networks
  - Firewall admin
  - Linux guy
  - Soccer player/fan
  - Windows guy
  - Air Force guy
• 3. Points to discuss:
  - Blue team preparations – Get ready defenders!
  - Not ready for pentest? Get ready!
  - Log all things! Educate all things!
  - Red team tactics – Hack with love!
  - The scope question – Hack all things!
  - Social Engineering – Assess, train, assess!
  - Team communication
  - Wolf! Man on! Watch out!
  - Putting it all together – fine tuning
• 4.–10. Red Team vs Blue Team: (title only on each slide)
• 11. Blue team tactics
  - Brace yourself
• 12. Blue team tactics
  - Security Fundamentals
• 13. Blue team tactics
  - Security Fundamentals
  - Patch management
  - Locked down DMZ firewall and servers
  - Proper segmentation
  - Vulnerability scanning
  - Monitoring
  - Security Awareness Training (Web based CBT?)
  - Skills (Be a sysadmin)
• 14. Blue team tactics
  - Internal Assessments
  - Vulnerability scanning (minimum)
  - Internal pentesting (resources needed)
  - System hardening / Compliance scans
  - Patch management program
  - VA data to patch cycle
• 15. Blue team tactics
  - Logs, Logs and more logs
  - Firewall, IPS, Servers, network devices, etc.
• 16. Blue team tactics
  - Configure tools properly
  - Malware detection, IPS, Log levels, etc.
  - http://hackerhurricane.blogspot.com/
  - http://www.slideshare.net/Hackerhurricane/windows-logging-cheat-sheet-v11
  - Personnel resources
  - Skills and training
• 17. Blue team tactics
  - Netflow / Packet Capture
  - Proper location
  - Tool to view and understand the flows
  - Use Cases
  - Unauth traffic from/to internet (ftp, telnet, non-standard http(s))
  - C2, Unexpected traffic
  - Sensitive information unencrypted
  - Unusual spikes in traffic
  - Internal server access
  - Internal detection of spread of malware
• 18. Blue team tactics
  - SIEM
  - Remember Personnel requirements!
  - Central Log repository
  - Log correlation
  - Ease of Log search
• 19. Blue team tactics
  - That pentest engagement is getting closer.
• 20. Blue team tactics
  - CISO
  - Pentest is coming (black box, white box, grey box)
  - Incentives (awards, gear, etc.)
• 21. Blue team tactics
  - Be Confident
• 22. Red team tactics
  - Defined:
  - Red Team vs Penetration test?
  - Scope
  - Social Engineering
  - Physical Testing
  - Manpower used
  - Collaboration needed
  - Exploits / havoc wreaked
• 23. Red team tactics
  - Are we ready for a full Red Team Assessment?
  - Full scope, Physical, SE, all out attack
  - Nation State tactics
• 24. Red team tactics – Hack with love!
  - Team Player Attitude
• 25.–27. Red team tactics – Hack with love!
  - OOOOOOOOOOOOHH Day!!!!
• 28. Red team tactics
  - Social Engineering
  - Are employees trained? Not CBT, not 1 Lunch and Learn.
  - It’s no use, can’t fix…
  - Blue team: We have firewall, AV.
• 29. Red team tactics
  - Social Engineering
• 30. Red team tactics
  - Social Engineering – Dave Kennedy
  - Destroying Education and Awareness
  - https://www.youtube.com/watch?v=ldvI12lpeEI
  - WebJacking in SET
  - http://www.restrictedintelligence.co.uk/
• 31. Red team tactics
  - Full Scope.
• 32. Purple Team tactics
  - Unprepared Blue Teams
  - Recommendation on Personnel
  - Training of Personnel (SANS, Books, podcasts, RSS)
  - Assistance with tools implementation (SIEM rules)
  - Retesting and verifying (segmentation, IPS/SIEM)
• 33. Purple Team tactics
  - All Blue Teams
  - Adversary simulation (Rafa Mudge)
  - http://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/
  - Malleable C2
  - Nation State simulation
• 34. Purple Team tactics
  - Testing Scenarios
  - WAF
  - IPS/IDS
  - AV
  - Malware Detection
  - DLP
  - More…
  - What exists in your SOC:
  - Monitoring TEAM
  - Deployment/UpKeep/Configuration TEAM
• 35. Purple Team tactics
  - SIEM Rules
  - Idea mentioned by Kevin Johnson @ BsidesATX
  - As a pentester, provide SIEM rules to blue teams
  - Any vendor
  - An idea, a possibility?
  - Purple Team Talk by Kevin Johnson and James Jardine
  - https://youtu.be/ARM2ArOw9sI
• 36. Purple Team tactics
  - We Talked Logs/Events
  - Let’s Talk Flows/packet analysis
  - Example from compromising a system:
  - Beacon
  - Setoolkit / Metasploit
• 37.–44. Purple Team tactics (title only on each slide)
• 45. Purple Team tactics
  - So what’s the point?
  - Bring the education
  - Work together and keep communication high
  - Blue and Red have to equally contribute
  - Don’t throw over the fence
  - Make reports beneficial
  - Remediation?
• 46. Comments? Questions?
  Twitter: @beto_atx
  Email: acampa@denimgroup.com
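Slide 17 lists flow-based use cases (unauthorized ftp/telnet and non-standard http(s) to the internet, C2) and slide 36 asks the blue team to look for a beacon in flows rather than in host logs. The script below is an added example, written for this page and not part of the Denim Group deck, showing what those use cases look like as detection logic over flow records. Everything in it is constructed: the `Flow` tuple is a simplified NetFlow/IPFIX-style record, the `app` label stands in for the application tag a collector with application identification would attach (an assumption, not a standard NetFlow field), the sample flows and the documentation-range addresses are made up, and the beacon heuristic (low coefficient of variation of inter-arrival times to one external endpoint) is one common approach, not the one the speaker used.

```python
"""Flow-based detections for the use cases on slides 17 and 36 (added example).

Record layout and sample data are constructed for this example; the `app`
field is an assumed application label, not a standard NetFlow/IPFIX field.
"""
import ipaddress
import statistics
from collections import defaultdict
from dataclasses import dataclass

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}           # slide 17: unauth cleartext egress
STANDARD_WEB_PORTS = {"http": {80, 8080}, "tls": {443, 8443}}  # where web traffic is expected


@dataclass(frozen=True)
class Flow:
    ts: float        # flow start, seconds since epoch
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    app: str         # assumed application label from the collector ("http", "tls", "telnet", ...)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_cleartext_egress(flows):
    """ftp/telnet from an internal host to the internet."""
    return [(f.src, f.dst, CLEARTEXT_PORTS[f.dport]) for f in flows
            if f.dport in CLEARTEXT_PORTS and is_internal(f.src) and not is_internal(f.dst)]


def detect_nonstandard_web(flows):
    """http(s) to the internet on a port where web traffic is not expected."""
    hits = []
    for f in flows:
        allowed = STANDARD_WEB_PORTS.get(f.app)
        if allowed is not None and f.dport not in allowed and not is_internal(f.dst):
            hits.append((f.src, f.dst, f.dport, f.app))
    return hits


def detect_beacons(flows, min_flows=6, max_jitter=0.15):
    """Slide 36: periodic connections from one internal host to one external endpoint.

    Groups flows by (src, dst, dport); a group whose inter-arrival times have a
    low coefficient of variation (stdev / mean) is reported as beacon-like,
    with the mean interval in seconds. Port rules never catch this case because
    the traffic rides an allowed port.
    """
    groups = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            groups[(f.src, f.dst, f.dport)].append(f.ts)
    beacons = []
    for key, times in groups.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append((*key, round(mean, 1)))
    return beacons


# Constructed sample flows (RFC 5737 documentation addresses for the "internet" side).
_T0 = 1_700_000_000.0
SAMPLE_FLOWS = (
    # ordinary browsing: irregular gaps to one external web server, allowed port
    [Flow(_T0 + t, "10.1.1.20", "203.0.113.80", 443, "tcp", 4200, "tls")
     for t in (0, 5, 125, 128, 528, 558, 573, 582)]
    # telnet from inside to the internet: cleartext egress
    + [Flow(_T0 + 40, "10.1.1.21", "203.0.113.9", 23, "tcp", 900, "telnet")]
    # http carried on an unusual destination port: non-standard web
    + [Flow(_T0 + 77, "10.1.1.22", "203.0.113.50", 4444, "tcp", 1500, "http")]
    # internal-to-internal telnet: not egress, so not reported by these rules
    + [Flow(_T0 + 90, "10.1.1.23", "10.2.0.5", 23, "tcp", 700, "telnet")]
    # near-constant ~60 s interval to one external host over TLS: beacon-like
    + [Flow(_T0 + t, "10.1.1.30", "198.51.100.7", 443, "tcp", 300, "tls")
       for t in (0, 60, 121, 180, 240, 300, 362, 420)]
)


def run_all(flows=SAMPLE_FLOWS):
    return {
        "cleartext_egress": detect_cleartext_egress(flows),
        "nonstandard_web": detect_nonstandard_web(flows),
        "beacons": detect_beacons(flows),
    }


if __name__ == "__main__":
    for name, hits in run_all().items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

The three detectors map to the slide's bullets in order of difficulty: the first two are pure allow-list checks a flow tool or SIEM rule can express directly, while the beacon check needs state across many flows and a tunable jitter threshold, which is exactly the kind of rule a red team that has just run a beaconing implant during an engagement can hand back to the blue team, as slide 35 suggests.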