Overview
Explore live adversary simulation techniques and the interplay between red and blue team tactics in this 47-minute RSA Conference talk. Delve into the concept of purple teaming, where offensive and defensive cybersecurity teams collaborate to enhance overall security posture. Learn how to perform adversarial threat simulation, improve communication between red and blue teams, and map Advanced Persistent Threat (APT) phases to a kill chain lifecycle. Gain insights into adversary emulation, including tools and frameworks like Atomic Red Team, MITRE ATT&CK, and Caldera. Discover the benefits of bidirectional feedback loops and the importance of integrating offensive and defensive strategies for more effective cybersecurity practices.
Syllabus
Intro
What is "Red Team" & "Blue Team"?
What is "Adversary Emulation"?
Why do Adversary Emulation?
Consider Purple Teaming
Feedback Loop
Pre-Requisites for Purple Teaming
Red Team & Purple Team
Demonstration
What failed?
Typical "Pen Test" and "Red Team" tools
Flight Sim
Atomic Red Team
MITRE ATT&CK
Caldera - Architecture
Adversary Emulation Plans
Adversary Emulation with Caldera
Commercial Adversary Emulation
Taught by
RSA Conference