Threat Focused Purple Team Exercises (non Active Directory Edition)

This talk will focus on some examples of threat-focused purple team exercises that red and blue teams can collaborate on with the goal of proactively building detections and response procedures for these attack paths. In particular, this talk will focus on useful purple team exercise ideas for modern tech environments that have very few Windows hosts and large numbers of macOS, linux, and cloud hosts. There is a lot more content available that focuses on Windows, so this talk aims to help provide offensive and defensive practitioners with some useful ideas and approaches for the types of environments that exist at most tech companies. By the end of this talk I hope you will be armed with practical ideas for purple team exercises that you can start executing.

Presenter: Cedric Owens, Lead Offensive Security Engineer, Twilio
Follow: Twitter: cedowens

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g

• #science_technology
• #ethical_hacking
• #offensive_security_operations
• #offensive_operations
• #penetration_testing
• #cedric_owens
• #purple_team
• #purple_teaming
• #linux
• #macos
• #threat_focused_purple_team
• #purple_team_exercises
• #threat_focused_purple_team_exercises
• #macos_hosts
• #linux_hosts
• #windows_hosts
• #building_detections
• #how_to_build_detections