Cyber Threat Intelligence - team to research and provide threat TTPs
Red Team - offensive team in charge of emulating adversaries
Blue Team - the defenders. Security Operations Center (SOC), Hunt Team, Digital Forensics and Incident Response (DFIR), and/or Managed Security Service Providers (MSSP)
Present adversary, TTPs, and technical details
Follow process to detect and respond to TTPs, share screen to confirm identification of artifacts
Can any adjustments or tuning to security controls and/or logging be made to increase visibility?
Repeat procedure and record new results, move to next TTP