Red and Purple Team: Improve the defenders' ability to stop the attackers

  • Thursday, 03 Nov 2022 11:00AM SST (03 Nov 2022 03:00 UTC)
  • Speaker: Timothy McKenzie

This webcast will be presented in English, and will also be available to watch in Bahasa Indonesian, Japanese, Korean, Thai, and Vietnamese via simultaneous audio translation.

Webcast times:

3:00 a.m. UTC
8:30 a.m. UTC+5:30 (India)
10:00 a.m. UTC+7:00 (Indonesia / Thailand / Vietnam)
11:00 a.m. UTC+8:00 (Singapore / Philippines)
12:00 p.m. UTC+9:00 (Japan / Korea)
1:00 p.m. UTC+10:00 (Australia Eastern Daylight Time)
3:00 p.m. UTC+12:00 (New Zealand)
8:00 p.m. UTC-7:00 (Pacific Time Zone – Wednesday, 2 November 2022)

Webcast Abstract and Bio

Defenders must be constantly vigilant in their efforts to protect their organization's environment. Through practice in red and purple team exercises, defenders can sharpen their skills. This presentation will explore some case studies where exercises improved the organization's security posture.

As the lead red team consultant and owner of 3L337 Consulting, LLC, Timothy builds purple team breach and attack emulations and leads scenario-based Red Team exercises. He works with highly skilled attack teams to breach organizations with the goal of helping the organization understand weaknesses in their security posture, as well as the impact that a determined, sophisticated adversary could make. Timothy holds dozens of certifications including GPEN, GWAPT, GXPN, GAWN, GPYC, and GWEB. He’s a frequent speaker at ISSA, ICBA and other forums and a member of the GIAC Advisory Board.

A SANS instructor since 2013, Timothy teaches SEC588: Cloud Penetration Testing and SEC542: Web App Penetration Testing and Ethical Hacking, of which he is a co-author. A mentor both in and out of the classroom, Timothy says “there’s not much value in putting information in my head if I am not going to share it with those around me. Teaching opens the door to offering what I know to others.”

Bahasa Indonesia

Red and Purple Team: Improve defensive capability to stop attackers

The people behind the defense systems must always be vigilant in their efforts to protect their organization's environment. Through practice, the skills of these personnel can be sharpened with red and purple team exercises. This presentation will explore several case studies where exercises improved the organization's security.

As the lead red team consultant and owner of 3L337 Consulting, LLC, Timothy builds purple team and attack emulations and leads scenario-based Red Team exercises. He works with highly skilled attack teams to try to break through an organization's security with the goal of helping that organization understand the weaknesses in its security, as well as the impact that a determined, sophisticated adversary could cause. Timothy holds many certifications including GPEN, GWAPT, GXPN, GAWN, GPYC, and GWEB. He is a frequent speaker at ISSA, ICBA and other forums and is also a member of the GIAC Advisory Board.

A SANS instructor since 2013, Timothy teaches SEC588: Cloud Penetration Testing and SEC542: Web App Penetration Testing and Ethical Hacking, of which he is a co-author. Timothy is a mentor both in and out of the classroom; he says, “There is no point in keeping information in my head if I do not share it with the people around me. Teaching can open the door to offering what I know to others.”

Japanese

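Red Team and Purple Team: Improving defenders' skills to stop attackers

Defenders must remain constantly vigilant to protect their organization's environment. Through exercises with red and purple teams, the defending side, the blue team, can also improve its skills in a practical way. This presentation introduces several cases in which exercises improved an organization's security posture.

Timothy, the owner of LLC, is a lead red team consultant who directs breach and attack emulations for purple teams and scenario-based red team exercises. He works with highly skilled attack teams to demonstrate intrusions into organizations, with the aim of helping them understand the weaknesses in their security posture and the impact a sophisticated attacker can have. Timothy holds numerous certifications including GPEN, GWAPT, GXPN, GAWN, GPYC, and GWEB. He also speaks frequently at industry bodies including ISSA and ICBA and is a member of the GIAC Advisory Board.

A SANS instructor since 2013, he teaches “SEC588: Cloud Penetration Testing” and “SEC542: Web App Penetration Testing and Ethical Hacking,” and has also been involved in their development. Timothy, who never forgets that he is a mentor even outside the classroom, says, “Even if I put information in my head, there is not much value in it if I do not share it with the people around me.” “Teaching leads to sharing what I know with others.”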

Korean

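Attack defense techniques using red and purple teams

Security teams must constantly maintain vigilance and a defensive posture to protect the organization from outside attacks while also carrying out prevention, handling and response. They can strengthen their capabilities through realistic practice that makes good use of red and purple teams. In this regular SANS webcast, we will look at concrete examples of how leading security organizations are putting this to use.

Tim, head of the security consulting firm 3L337 and a Red Team leader, is well known for building purple team attack environments and running scenario-based red teams that reflect the latest cases. Through this kind of assessment he identifies the organization's security weaknesses and, by consulting on the basis of the various attack scenarios those weaknesses could enable, gives the organization the most urgent and necessary diagnoses and results. Tim holds dozens of international security certifications including GPEN, GWAPT, GXPN, GAWN, GPYC, and GWEB, is a well-known speaker at ISSA, ICBA and several international security forums, and is an advisor to the SANS GIAC certification board.

A SANS certified instructor since 2013, he currently teaches mainly SEC588 (Cloud PenTest) and SEC542 (Web App PenTest and Ethical Hacking), and he always puts all of his know-how into his classes in the belief that “information that is not shared has no value, and sharing what you know with others is what teaching is.”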

Thai

Red and Purple Team: Increase the effectiveness of the defense team to stop intruders (Red and Purple Team: Improve the defenders' ability to stop the attackers)

System defenders must be alert at all times to protect the organization's systems. Red and Purple team exercises help system defenders do their work better.

This talk will look at example cases showing that exercises of this kind help teams work more effectively.

As a red team consultant and founder of 3L337 Consulting, LLC, Timothy has developed Purple team exercises and also leads scenario-based Red Team exercises. He works with highly capable Red Teams to breach systems, with the aim of helping organizations understand their weaknesses and the security level of their systems, and the impact that a highly capable adversary could cause. Timothy holds many certifications, such as GPEN, GWAPT, GXPN, GAWN, GPYC and GWEB. He is a speaker for ISSA, ICBA and other associations and is also a member of the GIAC Advisory Board.

He has been an instructor at the SANS Institute since 2013. Timothy teaches SEC588: Cloud Penetration Testing and SEC542: Web App Penetration Testing and Ethical Hacking, of which he is a co-author. A teacher both in and out of the classroom, Timothy says, “Keeping knowledge only in my head would be of no use if I did not also share it with others. Teaching helps open the door for me to share knowledge with others.”

Vietnamese

Red Team and Purple Team: Improving defenders' ability to stop attackers

Defenders must always be vigilant in their efforts to protect their organization's environment. Through practice, red team and purple team exercises can help defenders raise their capabilities. This presentation will analyze real-world cases showing that practice can improve an organization's security.

As the lead red team consultant and owner of 3L337 Consulting, LLC, Timothy develops purple team breach and attack emulations and leads scenario-based exercises for the Red Team. He works with highly skilled attack teams to breach organizations in order to help them recognize the weaknesses in their defensive capability, as well as the damage that a cunning, determined attacker could cause. Timothy has earned many certifications such as GPEN, GWAPT, GXPN, GAWN, GPYC and GWEB. He also frequently appears as a speaker at ISSA, ICBA and other forums and is a member of the GIAC Advisory Board.

A SANS instructor since 2013, Timothy teaches SEC588: Cloud Penetration Testing and is a co-developer and instructor of SEC542: Web App Penetration Testing and Ethical Hacking. A mentor both in and out of the classroom, Timothy says: “Gathering information for myself without sharing it with those around me has no value at all. Teaching helps open the door for me to pass on my knowledge to others.”