Introduction
In Part III of the book, we focus on organizing exercises and establishing a purple teaming function in your organization. In this first chapter we consider effective methods for reporting and tracking your emulation activities, whether that be via spreadsheet, ticketing system or a purpose-built platform like SRA’s VECTR.
Chapter Content
This section provides reproductions of the key figures and code snippets seen in this chapter.
Maturing Your Purple Team Processes
Attack Automation
Development Considerations
See ProcDump in the LOLBAS project: https://lolbas-project.github.io/lolbas/OtherMSBinaries/Procdump/
A command that leverages the procdump.exe LOLBIN to load an arbitrary DLL.
C:\Tools> procdump.exe -md malware.dll foobar
Alert Regression Testing

A Continuous Purple Teaming Cycle
Resources
The following resources expand on topics covered in this chapter.
Attack Automation
A Continuous Purple Teaming Cycle
A Sigma rule for the detection of anomalous web server child processes
"process_creation/proc_creation_win_webshell_susp_process_spawned_from_webserver.yml", GitHub, accessed December 15, 2024