Hackfest 2024 - 16-bit Edition

Going Purple: how combined exercises can improve security
10-11, 14:00–14:50 (America/New_York), Track 1 (206b)
Language: English

Testing in a vacuum is handy for discovering things that need fixing, and it's a lot of help for the vulnerability managers and security teams out there. Training your defenders is also pretty great, for obvious reasons. What if you could combine both into a single activity? What if that activity ALSO could help frame some of the crazy risks that the people you work for are facing right now? In this talk we'll cover the basics of what a purple team activity looks like, why you'd want to run one, and how to make sure it supports other testing and improvement efforts within your company.


  • Intro (who, why, etc) (3 minutes)

  • Terminology and a bit of a level-setting exercise: Purple, Red, Blue, various mutations, what they mean (5 minutes)

  • Structure and strategy (11 minutes)

          - What the exercise should look like
    
          - How to pick your targets
    
          - Who to include, and when
    
          - Bringing in leadership, and why it might be good
    
  • One week of absolute weirdness (11 minutes)

          - The actual exercise
    
          - Almost breaking stuff: Rules of engagement
    
          - Actually breaking stuff: backup plans and monitoring
    
          - Defender games: this isn't a test, it's an adventure
    
  • Desired outcomes: Training, testing, and risk awareness (10 minutes)

          - Detection logic and human elements: follow-ups, containment tactics, etc.
    
          - Reporting, and who should see what
    
          - Testing playbooks using mid-session goals
    
          - Involving crisis response teams (not just DFIR and cybersecurity)