Fatih Ozavci
Fatih Ozavci is a multidisciplinary security engineer and researcher with two decades of experience on offensive and defensive security technologies.

He has managed several international security assessment and research projects focused on various technologies including service provider networks, unified communications, application security and embedded systems. He shared his researches, tools, advisories and vulnerabilities in major security conferences such as Black Hat USA, DEF CON and HITB.

Nowadays, he combines his skillsets to perform realistic adversary simulations and defence exercises for larger organisations. As the head of the Red Team for a major Australian bank, his current responsibilities are monitoring the external threat environment to understand criminal tactics and procedures, applying their tradecraft to proactively assess the effectiveness of cyber defence controls, and executing red team scenarios to simulate the adversary campaigns.

Designing, Developing and Running Purple Teaming Exercises

Technical Level (3 being the highest score): 2

Larger organisations running adversary simulation exercises for a long time due to measuring cyber compromise risk, satisfying regulation requirements and improving organisation defence. However, simulating adversaries only reveal the risks and weaknesses of the organisations, but do not train their defence squads while running.

Security operations centres, threat management, incident response and other blue team squads also need interactive simulations to understand the adversary behaviours. Purple team exercises are developed to improve blue team response capabilities against interactive events.

This talk will discuss about the best practices of designing efficient purple team exercises using adversary simulations. Well-designed exercises demonstrate the adversary tradecraft realistically, but also follow a plan in common terms and defence metrics.

These realistic simulations require interpretation of threat intelligence data, running the tactics in the reports, command and control services simulation, repurposing open source tools to demonstrate the techniques and good coverage of the tradecraft.

In addition, the technical demonstrations should be also interpreted to the defence terms such as Mitre Att&ck mapping for better understanding.

Finally, the presenter will also share some suggestions about the important elements whichcimprove the game play experience such as using interactive tools for inter-squad information sharing and feedback, providing concept tools to blue teams as homework, designing attacks with multi-stages that require various blue team capabilities to measure, providing detailed IOCs and activity reports, and the flags planted to various stages of the simulations for metrics.

Secure your place now!