
Purple Teaming

Adversarial Detection & Countermeasures engagements, also known as Purple Team engagements, are designed to evaluate the effectiveness of an Information Security program, with a focus on detection, deflection, and deterrence.

Enhance your cybersecurity with our Purple Team

TrustedSec utilizes both Red Team (penetration testers) and Blue Team (defenders) consultants. The Red Team follows the Penetration Testing Execution Standard (PTES) to circumvent security controls and gain unauthorized access to systems. The Blue Team then works with the organization’s defensive team to determine its ability to detect the attack, deflect the attack, and/or deter the attacker.

With TrustedSec, you can:

  • Improve your team’s organizational readiness
  • Gauge current performance levels
  • Improve training for defenders
  • Increase end-user Information Security awareness
  • Evaluate the effectiveness of your IT security defenses and controls
  • Gain objective insight into vulnerabilities that may exist across your environment

With their years of experience, TrustedSec’s Incident Response team is able to provide unique insight into attacks and assist in creating Incident Response Playbooks. This process includes:

Detection: Defined as the ability to recognize and identify an attack through multiple phases of a compromise, detection is the foundational element of reducing the damage inflicted during a breach. Detection systems include security information and event management (SIEM), network access control (NAC) rogue device detection, account change monitoring, suspicious command usage, user behavior analytics (UBA), and more. Where detection controls cannot be implemented, enhancements in deflection and deterrence controls are necessary.

Deflection: Also referred to as protection, deflection is the ability to build proactive measures that directly defend the network. This would include anti-virus, intrusion detection/prevention systems, NACs, and more. Where deflection controls cannot be implemented, enhancements to detection and deterrence controls are necessary.

Deterrence: The third piece of an organization’s defensive program is deterrence, which is the implementation of patch management procedures and the enforcement of complex password policies. This also includes creating paths of least resistance that bait an attacker into using a specific system or set of credentials so that their activity can be detected, which is often achieved with Honeypots, Honeytokens, and Honeycreds. Where deterrence controls cannot be implemented, enhancements in detection and deflection controls are necessary.

“Our collaborative culture and reputation has attracted the most passionate, highly skilled professionals in the industry. It's incredible to see that the work we are doing is changing the industry.”
Larry Spohn, Practice Lead, Force


Read our blog

Explore the latest cybersecurity topics on the TrustedSec Security Blog

Blog, October 17, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: In this third and final…

Blog, October 12, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: This is a continuation of A…

Blog, October 11, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: In this continuation to our first…

Blog, October 10, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: If you were to collectively ask any…

Blog, August 17, 2023

The Client/Server Relationship — A Match Made In Heaven

This blog post was co-authored with Charlie Clark and Jonathan Johnson of Binary Defense. Introduction: One thing often forgotten is that detection…

Blog, July 13, 2023

Modeling Malicious Code: Hacking in 3D

Introduction: Attackers are always looking for new ways to deliver or evade detection of their malicious code, scripts, executables, and other tools that will…

Blog, April 11, 2023

On the Road to Detection Engineering

Introduction: People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will…

Blog, March 17, 2023

Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

Threat Overview: Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire…

Blog, March 14, 2023

Red vs. Blue: Kerberos Ticket Times, Checksums, and You!

This blog post was co-authored with Charlie Clark of Semperis. Introduction: At SANS Pen Test HackFest 2022, Charlie Clark (@exploitph) and I presented our…

Blog, January 31, 2023

New Attacks, Old Tricks: How OneNote Malware is Evolving

Analysis of OneNote Malware: A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun…