Moving the Industry Forward – The Purple Team presented at BSidesPittsburgh 2014

by David Kennedy

Summary: Let's start off with a strong statement: pentesting today isn't working. The blue team today isn't working. When a pentest occurs, even one done by some of the industry's leading folks where the quality is there, the pentesters go in, blow stuff up, write the report, and leave a trail of destruction to be cleaned up until the next pentest. The next year, the same thing; the year after that, the same thing. The blue team, on the other hand, is tasked with securing the entire company, and one flaw exposes the entire organization to attack. I'm here to tell you that we can accomplish both and continue to strengthen how we defend and build detection. It's called the Purple Team. Instead of doing covert testing, move to a more blended approach and build out defenses against the entire lifecycle of a hack. This talk goes into how to structure the most effective purple team within an organization, and walks through a number of different attacks and how to defend against them. Like my normal talks, I'll be going through the Social-Engineer Toolkit and how you can actively block its attacks, and I'll cover some cutting-edge things that haven't been discussed before on how to block the attacks in the toolkit.