Red/Purple Teaming

Red Teaming

• Awesome-Red-Teaming

• https://ijustwannared.team/

• https://threatexpress.com/

  • https://redteam.guide/

• https://redteamer.tips/so-you-want-to-be-a-pentester-and-or-red-teamer/

• https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/RT.md

• https://kwcsec.gitbook.io/the-red-team-handbook/

• https://github.com/magoo/redteam-plan

• https://tryhackme.com/module/red-team-fundamentals

• https://tryhackme.com/room/redteamfundamentals

• https://tryhackme.com/room/redteamengagements

• https://tryhackme.com/module/red-team-fundamentals

Tools

• RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

  • https://outflank.nl/blog/2019/02/14/introducing-redelk-part-1-why-we-need-it/

  • https://outflank.nl/blog/2020/02/28/redelk-part-2-getting-you-up-and-running/

  • https://outflank.nl/blog/2020/04/07/redelk-part-3-achieving-operational-oversight/

Adversary Emulation

• Tool Collections

  • Atomic Red Team - Atomic Red Team™ is a library of simple tests that every security team can execute to test their defenses. Tests are focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.

    • https://github.com/cyberbuff/TheAtomicPlaybook

    • https://docs.google.com/document/d/1c8_WRHp68Py9kyMYqMrs6aQ6ppcfLouV8jQ07UY27yE/mobilebasic

  • stratus-red-team - Stratus Red Team is "Atomic Red Team™" for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.

  • caldera - Automated Adversary Emulation Platform by MITRE

    • https://www.kali.org/tools/caldera/

  • monkey - Infection Monkey - An automated pentest tool

    • https://www.guardicore.com/infectionmonkey/

  • leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.

  • Metta - An information security preparedness tool to do adversarial simulation.

  • Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.

  • flightsim - A utility to safely generate malicious network traffic patterns and evaluate controls.

  • PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

• Resources

  • Adversary Emulation Plans

  • The Threat Emulation Problem

  • Why we love threat emulation exercises (and how to get started with one of your own)

  • MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary to Create Better Detections, David Herrald and Ryan Kovar, Splunk

  • Living Off The Land Binaries and Scripts (and also Libraries)

  • Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK

  • Red Team Use of MITRE ATT&CK

  • Purple Teaming with ATT&CK - x33fcon 2018

  • Live Adversary Simulation: Red and Blue Team Tactics

  • MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with ATT&CK, David Middlehurst, Trustwave

  • MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincent Van Mieghem, Deloitte

  • PowerShell for Practical Purple Teaming

  • Signal the ATT&CK: Part 1

  • Signal the ATT&CK: Part 2

  • Advanced Penetration Testing: Simulating Ransomware - pg. 106

Purple Teaming

• EnterprisePurpleTeaming - Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study. Doctor of Science Cybersecurity at Marymount University Dissertation by Xena Olsen.

• RE:TERNAL - RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities.

• Purple Team ATT&CK Automation - Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs

• VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

• Mordor - The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption.

• https://www.youtube.com/watch?v=BnnZ-GmUHpQ