February 13, 2019 | Posted in Purple Teams by Tim Wainwright This article covers how a Purple Team process done correctly can: Be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK Generate quantitative success defense metrics more meaningful than existing hygiene and hyperbole metrics Change your teams’ attitude and […]

December 7, 2018 | Posted in Red Teams, Blue Teams, and Purple Teams by Evan Perotti and Mike Pinch   On November 29th, MITRE ATT&CK released the results of their first round of endpoint security evaluations. The evaluations simulated malicious activity from the APT-3 campaign against seven products. While our analysis directly compares the performance […]

May 16, 2018 | Posted in Blue Teams and Purple Teams by Tyler Frederick   Another Day, Another Microsoft Office Exploit CVE-2018-8174, also known as “Double Kill”, is the newest in a family of exploits that leverage Microsoft Office’s OLE (Object Linking and Embedding) functionality. This particular attack uses an Office document with an embedded OLE […]

January 5, 2017 | Posted in Purple Teams by Chris Salerno   The Way It Was The concept of purple teaming is not new.  We’ve been doing it for years; it was just disjointed and we didn’t call it “purple” or “red and blue”.  Instead, the red team “broke in” (usually walked in), perused the aisles, took what […]

June 29, 2016 | Posted in Purple Teams by Chris Myers   About a year ago, we were performing a laptop hardening and configuration review at one of our financial services clients using Symantec Endpoint Protection’s (SEP) USB Device Control as part of their Data Loss Prevention solution. One way SEP keeps data from leaving the corporate […]