December 7, 2018 | Posted in Red Teams, Blue Teams, and Purple Teams by Evan Perotti and Mike Pinch   On November 29th, MITRE ATT&CK released the results of their first round of endpoint security evaluations. The evaluations simulated malicious activity from the APT-3 campaign against seven products. While our analysis directly compares the performance […]

May 16, 2018 | Posted in Blue Teams and Purple Teams by Tyler Frederick   Another Day, Another Microsoft Office Exploit CVE-2018-8174, also known as “Double Kill”, is the newest in a family of exploits that leverage Microsoft Office’s OLE (Object Linking and Embedding) functionality. This particular attack uses an Office document with an embedded OLE […]

January 5, 2017 | Posted in Purple Teams by Chris Salerno   The Way It Was The concept of purple teaming is not new.  We’ve been doing it for years; it was just disjointed and we didn’t call it “purple” or “red and blue”.  Instead, the red team “broke in” (usually walked in), perused the aisles, took what […]

June 29, 2016 | Posted in Purple Teams by Chris Myers   About a year ago, we were performing a laptop hardening and configuration review at one of our financial services clients using Symantec Endpoint Protection’s (SEP) USB Device Control as part of their Data Loss Prevention solution. One way SEP keeps data from leaving the corporate […]

January 9, 2015 | Posted in Purple Teams by Dan Astor   During a recent engagement, I was asked to perform advanced threat simulations designed to test the detection capabilities of current desktop security controls and advanced threat toolsets. The purpose of these simulations were to determine if the current capabilities would be able to detect a […]