DEF CON 27, Blue Team Village, Georgios Kapoglis' 'Serverless Log Analysis On AWS' →
DEF CON 27, Blue Team Village, Dumby's (@uncl3dumby) 'Anatomy Of A Megabreach: Equifax Report' →
DEF CON 27, Blue Team Village, Christine Le's 'Blue Team Guide For Fresh Eyes' →
DEF CON 27, Blue Team Village, Mark Orlando's 'When A Plan Comes Together: Building A SOC A Team' →
DEF CON 27, Blue Team Village, Norman Lundt's 'Extending Zeek For ICS Defense' →
DEF CON 27, Blue Team Village, @scoubiMTL's 'BloodHound From Red To Blue 1 Point 5' →
DEF CON 27, Blue Team Village, @Lak5hmi5udheer's, @dhivus & @NarayanGowraj's 'Who Dis Who Dis: The Right Way To Authenticate' →
DEF CON 27, Blue Team Village - Lacie Fan's 'Killsuit - How The Equation Group Remained Out Of Sight' →
DEF CON 27, Blue Team Village - @ClausHouman's, @InfoSystir's, @JNitterauer's, @LitMoose's & @sm0kem's 'Security Strategy For Small Medium Business' →
DEF CON 27, Blue Team Village, Siyu Zhu's 'Evaded Microsoft ATA' →
DEF CON 27, Blue Team Village, Shawn Thomas' 'An Introduction To Malware Analysis' →
WebApp Security, 'My Experience Leading A Purple Team' →
A terrific Red & Blue (in reality - Purple's the Word, in this case) Teaming Leadership post (via Robert A., posting on the Web Application Security Consortium List) detailing his experience leading a Purple Team, and the oversight work associated with that team color. Very pleased to see this form of shared learning in the Red Team space. Today's Must Read.
"Purple: Purple teaming in my experience is the oversight of how red and blue operate, coordination to strengthen the effectiveness of both red/blue, and improved relationships with impacted stakeholders (dev/it/ops/etc). It likely isn't its own team, it's the leaders of the blue/red teams coordinating with its members and cross-org stakeholders to optimize how they operate." via Robert A.'s superlative post further via Web Application Security Consortium List
DerbyCon 2016, Carlos Perez' 'Thinking Purple' →
From the video description: Breaking with the adversarial approach of Red vs Blue, look at how the current system and approaches may be broken in some organizations and provide recommendations not only for the mature organization with a large structure but also how small businesses can take a more purple strategy in the way they operate their teams including how they acquire pentest services. Presentation will cover an approach beyond the red and blue team and more of an organizational and strategic approach to change the paradigm of thinking and action to a more symbiotic approach to security.
Carlos Perez is a Director at a Security Vendor working on reverse engineering, security research and integration projects. Carlos also works as a trainer providing training both to government and private organizations across the world in security technologies and also provides consulting in his spare time on infrastructure and security. His work and thoughts can be found on his webpage www.darkoperator.com. He has presented at several security conferences and is a co-host of the Security Weekly podcast.