Emulating the Adversary While Training the Defenders: Purple Teaming with MITRE ATT&CK

BSides KC | 47:19 | 104 views | Published 2021-11

Tags
Category: Technical
Team: Purple
Style: Talk

About this talk
With the evolution of the Purple Team, it is easy to blur the lines and forget where the Red and Blue Teams start and end, how they work together, and how their tasks can be automated using real-world tactics and techniques. I'll show you how to use the MITRE ATT&CK framework to programmatically incorporate tactics and techniques into exploitation platforms, schedule assessments, and train teams. Establishing the right processes and procedures isn't always as easy as it sounds for Blue Teams, and emulating the right adversary can seem like a daunting task when your Red Team becomes operational. We'll walk Red, Blue, and Purple teams through how to leverage the MITRE ATT&CK framework and open-source threat reporting on sector-based adversary attack patterns. The aim is to show how organizations can turn Purple Teaming into a science.

Speaker

David Evenden (Exploitation Analyst at CenturyLink)

David is an experienced offensive security operator with experience working in the US Intelligence Community (IC). He learned Persian Farsi, worked on the NSA Red Team, and was a member of an elite international team operating in conjunction with coalition forces to aid in the ongoing efforts in the Middle East. He is currently focused on working with DHS to enhance the bidirectional sharing relationship between the US Government and commercial entities, and to track foreign intelligence activity in US-based commercial critical infrastructure.