Chapter 11: Purple Teaming with BAS and Adversary Emulation

In Chapter 10, "Purple Teaming the ATT&CK Tactics", we detailed an entire kill chain based on the trendiest TTPs that have been observed throughout 2021. From that kill chain, we will select and summarize some of the techniques we looked at and define a simulation plan. This plan can be used as a first example or customized, depending on the areas and controls we want to cover. Then, we will go through the prepare, execute, identify, and remediate (PEIR) process that we covered in Chapter 2, "Purple Teaming – a Generic Approach and a New Model", to put us on the rails for the first exercise. We will mostly focus on the prepare and execute phases of the process and cover practical examples using the tools ...

Get Purple Team Strategies now with the O’Reilly learning platform.