SOC / Purple Team Testing

Often, the best way to improve the blue team is to work hand-in-hand with the red team. This turns into a purple teaming engagement, where the red team runs common attack scenarios, such as malware uploads, file extractions, network attacks, and much more with the goal of improving blue team baselining and detection capabilities.

Our team of engineers will work closely with your blue team to pick attack scenarios for the assessment. A playbook of options will be provided however we can also tailor attacks based on client needs.


Our Methodolody

All testing performed under this service are based on the NIST SP 800 - 115 Technical Guide to Information Security Testing and Assessment, OWASP testing Guide (v4) plus other customized testing frameworks.

PLANNING

Customer goals are gathered and rules of engagement obtained.

DISCOVERY

Perform scanning and enumeration to identify potential vulnerabilities, weak areas and exploit.

ATTACK

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

REPORTING

Document all found vulnerabilities and exploits, failed attempts, company strengths and weaknesses.

Thorough Testing

Scenarios performed during purple team testing include but not limited to:

  • Admin account creation detection

  • Credential dumping detection

  • Sensitive file exfiltration detection

  • Endpoint security detection

  • Command and control (C2) detection

  • Remote tool detection

  • Active Directory attack detection

  • Evil Twin detection

  • Other testing depends on specific customer content and footprint.