Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better

BSidesLV 2017

Presented by: Patrick Mathieu
Date: Wednesday July 26, 2017
Time: 10:00 - 10:55
Location: Common Ground

You have heard of Red Team, Red vs. Blue Team and Purple Team exercises, but these approaches often miss two crucial aspects: communication and mentoring. An organisation doesn’t need to be overly mature to conduct a Purple Team exercise. This type of exercise can be divided into multiple stages when the business risks are well defined, with communication and mentoring at the core of the engagement.

This presentation will describe how and why to execute a Purple Team exercise, as well as how to encourage upper management’s participation in this type of engagement. We will discuss techniques for executing a Purple Team exercise, along with the various types and levels of testing to assess the business risk using real case studies. This presentation will also include how to most effectively mentor the Blue Team.

Like Red Team exercises, Purple Team exercises assess the business risks that can impact the business as a whole. The main difference between the two is that the Blue Team is involved throughout the engagement. Daily, weekly or monthly meetings are set with communication as the main objective. The Blue Team is responsible for detecting, monitoring and analyzing the Red Team’s activities throughout the engagement. They communicate regularly with the Red Team to find solutions related to their findings rather than waiting for a finalized report that ultimately amounts to the words “You’ve been pwned”.

Multiple levels of Blue Team involvement and mentoring approaches will be shown during the presentation. We will review different types of tests from predefined attack scenarios, which include real Red Team examples. We will focus on how this type of exercise can help the entire organisation improve their security from both a technical and strategic perspective, which will increase the value of this engagement when selling it to upper management.

Patrick Mathieu

Patrick is co-founder of Hackfest.ca, the largest hacking conference in Canada, and has been involved in computer security and hacking for more than 20 years. He is currently employed as a pentester and Purple Team lead at a Toronto consulting company, and he specializes in application security. Patrick holds a Bachelor's and a College degree in computer science, and he has always been active in the community and in his local security events.

