Purple Team Strategies

You're reading from Purple Team Strategies: Enhancing global security posture through uniting red and blue teams with adversary emulation

Product type: Paperback
Published in: Jun 2022
Publisher: Packt
ISBN-13: 9781801074292
Length: 450 pages
Edition: 1st Edition
Authors (4): David Routin, Samuel Rossier, Simon Thoores, Michael Molho
Table of Contents (20 chapters)

Preface
1. Part 1: Concept, Model, and Methodology
2. Chapter 1: Contextualizing Threats and Today's Challenges
3. Chapter 2: Purple Teaming – a Generic Approach and a New Model
4. Chapter 3: Carrying out Adversary Emulation with CTI
5. Chapter 4: Threat Management – Detecting, Hunting, and Preventing
6. Part 2: Building a Purple Infrastructure
7. Chapter 5: Red Team Infrastructure
8. Chapter 6: Blue Team – Collect
9. Chapter 7: Blue Team – Detect
10. Chapter 8: Blue Team – Correlate
11. Chapter 9: Purple Team Infrastructure
12. Part 3: The Most Common Tactics, Techniques, and Procedures (TTPs) and Defenses
13. Chapter 10: Purple Teaming the ATT&CK Tactics
14. Part 4: Assessing and Improving
15. Chapter 11: Purple Teaming with BAS and Adversary Emulation
16. Chapter 12: PTX – Purple Teaming eXtended
17. Chapter 13: PTX – Automation and DevOps Approach
18. Chapter 14: Exercise Wrap-Up and KPIs
19. Other Books You May Enjoy

What this book covers

Chapter 1, Contextualizing Threats and Today's Challenges, defines the overall threat landscape and explains why we must adopt a proactive approach to cybersecurity. It also identifies the current issues with Red and Blue Teaming and defines the requirements for purple teaming.

Chapter 2, Purple Teaming – a Generic Approach and a New Model, defines purple teaming, including the core process and its different types of exercises and objectives. The chapter also introduces a new model for effectively applying purple teaming within your organization.

Chapter 3, Carrying Out Adversary Emulation with CTI, introduces the process of CTI and how it must be leveraged for effective and relevant purple teaming exercises.

Chapter 4, Threat Management – Detecting, Hunting, and Preventing, introduces the processes of managing threats by using threat hunting capability, detection engineering, and prevention mechanisms.

Chapter 5, Red Team Infrastructure, defines the red team infrastructure components used by both attackers and red teams. In particular, we will learn about the most common offensive frameworks and efficient phishing techniques, as well as how to leverage automation and cloud environments.

Chapter 6, Blue Team – Collect, describes the required architecture to perform an efficient event collection. We also introduce the Windows Event Forwarding protocol and provide real-life experience tips.

Chapter 7, Blue Team – Detect, details data sources and solutions that can be used by a blue team for detection. The chapter also introduces the concept of deception through practical examples.

Chapter 8, Blue Team – Correlate, introduces the theory of correlation and describes how detections should be performed within a centralized place, such as a Security Information and Event Management (SIEM) system. The chapter also introduces common query languages that can be leveraged to ease investigation and incident response.

Chapter 9, Purple Team Infrastructure, describes the technology available to ease and automate the process of purple teaming. It introduces adversary emulation frameworks as well as breach and attack simulation tools. The chapter also introduces the theory behind DevOps and how it can be used to facilitate the process of purple teaming.

Chapter 10, Purple Teaming the ATT&CK Tactics, describes the most commonly used techniques for each tactic of the MITRE ATT&CK framework. For each technique, the chapter defines how to perform the activity from a Red Team point of view, as well as how to defend against such a technique.

Chapter 11, Purple Teaming with BAS and Adversary Emulation, puts into practice the theory learned throughout the book by leveraging different frameworks and solutions, while also highlighting the various maturity levels of purple teaming.

Chapter 12, PTX – Purple Teaming eXtended, puts into practice the new concept of PTX introduced in Chapter 2, Purple Teaming – a Generic Approach and a New Model, with concrete examples, leveraging a diffing technique.

Chapter 13, PTX – Automation and DevOps Approach, puts into practice the theory of DevOps introduced in Chapter 9, Purple Team Infrastructure, with concrete examples of how to implement it, especially the diffing approach.

Chapter 14, Exercise Wrap-Up and KPIs, concludes the book by presenting Key Performance Indicators (KPIs) and reporting ideas. This chapter also presents the authors' view on the future of purple teaming.
