Purple Teaming Inside-Out

For the past two years, we have been facilitating purple team exercises for our clients using a framework that we developed that simulates insider threats. The intent of our exercises is to bring together the subject matter expertise from offensive operators and incident responders, demonstrate adversarial TTPs can be employed in our clients' environment, evaluate their ability to identify those TTPs, and discuss further response actions. Because our exercises are human-driven we are able to change scenarios during the engagement and exhibit the same creativity one may attribute to a true malicious actor who may be highly determined, influenced by a third party, or even emotionally compromised and irrational or destructive. During our talk we intend to explain our framework and the mindset behind it, and then present examples from our exercises to illustrate the challenges we faced and the value these exercises bring to our clients' organizations based on the outcomes of the exercises.