Red teams emulate the tactics, techniques, and procedures (TTPs) of real adversaries as realistically as possible, usually over a prolonged period and against a specific objective (reaching a given system, data set or business process) rather than enumerating every weakness. This is not the same as a penetration test, which is typically narrowly scoped, time-boxed, and aimed at finding and reporting as many vulnerabilities as possible.
Purple teaming is collaboration between the blue and red teams rather than a dedicated team: the red team executes a technique, the blue team checks whether it was logged, detected and responded to, and the gap is closed before moving on. Both teams should adopt this mindset to improve the organization's defensive capabilities against real-world cyber threats.
MITRE ATT&CK Framework
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Tools
- Atomic Red Team – open-source library of small, self-contained tests ("atomics") mapped to MITRE ATT&CK techniques
- Prelude
- Cymulate ($$$) – commercial breach-and-attack-simulation platform with scripts/payloads mapped to the MITRE ATT&CK framework
- MITRE ATT&CK Navigator – visualize techniques as a layer over the ATT&CK matrix and track which have been tested and detected
Progress Tracking
- Vector – track red/blue team testing activities to measure detection
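The tracking tools above ultimately record, per ATT&CK technique, which tests were run and whether the blue team caught them. The following is an added example (not code from this page, MITRE, or any of the listed tools) that turns a list of purple-team test outcomes into an ATT&CK Navigator layer file, scoring each technique by the fraction of its tests that were detected or blocked. The results are constructed sample data, the technique names are invented test labels, and the Navigator/layer version strings are assumptions that should be set to match the Navigator instance you load the layer into.

```python
"""Build an ATT&CK Navigator layer from red/purple-team test results.

Added example. SAMPLE_RESULTS is constructed data, not a real engagement;
the "navigator" and "layer" version strings are assumptions.
"""
import json
import re
from collections import defaultdict

# Navigator technique IDs look like T1059 or T1059.001 (sub-technique).
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")
# Outcome vocabulary used by this example; anything else is a data error.
OUTCOMES = {"blocked", "detected", "missed"}

# Constructed sample results: (ATT&CK technique ID, test label, outcome).
SAMPLE_RESULTS = [
    ("T1059.001", "PowerShell download cradle", "detected"),
    ("T1059.001", "Encoded command execution", "missed"),
    ("T1003.001", "LSASS memory dump via comsvcs.dll", "detected"),
    ("T1053.005", "Scheduled task persistence", "missed"),
    ("T1021.001", "RDP lateral movement", "blocked"),
]


def build_layer(results, name="Purple team coverage", attack_version="14"):
    """Return a Navigator layer dict; score = % of tests caught per technique."""
    per_tech = defaultdict(lambda: {"hit": 0, "total": 0, "notes": []})
    for tech, test_name, outcome in results:
        if not TECHNIQUE_ID.match(tech):
            raise ValueError(f"bad technique ID: {tech!r}")
        if outcome not in OUTCOMES:
            raise ValueError(f"unknown outcome {outcome!r} for {tech}")
        entry = per_tech[tech]
        entry["total"] += 1
        if outcome != "missed":      # blocked or detected both count as caught
            entry["hit"] += 1
        entry["notes"].append(f"{test_name}: {outcome}")

    techniques = []
    for tech in sorted(per_tech):
        e = per_tech[tech]
        techniques.append({
            "techniqueID": tech,
            "score": round(100 * e["hit"] / e["total"]),
            "comment": "; ".join(e["notes"]),
            "enabled": True,
            "showSubtechniques": False,
        })

    return {
        "name": name,
        # Assumed versions: adjust to the Navigator build you use.
        "versions": {"attack": attack_version, "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Detection coverage from purple-team tests; score is % caught.",
        "techniques": techniques,
        # Red (0% caught) through yellow to green (100% caught).
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": 0, "maxValue": 100},
        "legendItems": [
            {"label": "All tests missed", "color": "#ff6666"},
            {"label": "All tests caught", "color": "#8ec843"},
        ],
    }


def coverage_summary(layer):
    """Count techniques fully caught, partially caught, and fully missed."""
    summary = {"techniques": 0, "covered": 0, "partial": 0, "missed": 0}
    for t in layer["techniques"]:
        summary["techniques"] += 1
        if t["score"] == 100:
            summary["covered"] += 1
        elif t["score"] == 0:
            summary["missed"] += 1
        else:
            summary["partial"] += 1
    return summary


if __name__ == "__main__":
    layer = build_layer(SAMPLE_RESULTS)
    print(json.dumps(layer, indent=2))   # save as layer.json, open in Navigator
    print(coverage_summary(layer))
```

Save the printed JSON to a file and open it in Navigator via "Open Existing Layer"; the comment field on each technique carries the per-test outcomes so the heat map doubles as the engagement record. Blocked and detected are both scored as caught here; split them into separate scores if you want prevention and detection measured independently.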