Purple View

Purple teaming provides collaboration between red and blue teams to more effectively understand each other's processes and needs in order to achieve the ultimate combined goal of making the organization more secure. In this talk we will demonstrate a purple team view in attacks on Active Directory, and discuss why it is valuable to see these attacks from both the attacker's and defender's perspectives and potential strategies for implementing this approach. This strategy helps blue teams to develop more effective monitoring, understanding attack strategies, knowing what to look for and ensuring that their detection and response methods are effective. Red teams can more understand blue team processes to provide greater support in identifying potential weaknesses.