Red + Blue = Purple (Taking security testing to the next level)


Presented at First 2015 by

We need to close the gap between security testing and real-world attacks. Your typical penetration tester will port-scan the network, fire up a vulnerability scanner and then manually verify the exploitability of the identified weaknesses. While this is fine for obtaining a broad overview of the vulnerabilities in your preventive controls, it is by no means a test of your resilience against actual attacks. Penetration tests lack real-world attack aspects such as malware, social engineering and the creation of persistence, and hence are not a realistic test of your detective and responsive capabilities. In this talk, we will discuss our experience and best practices in red/blue teaming exercises that help you realistically test resilience against real-world attacks. We will provide insight into our bag of dirty red team techniques, but will also disclose some of the coolest tricks that blue teams have pulled on us. Lastly, we will advocate a new trend in security testing called purple teaming: joining the forces of the offensive red team and the defensive blue team to get the most value out of security testing.

amsterdamtc-20150505-stan_hegt-red_blue_purple.pdf