Live Adversary Simulation: Red and Blue Team Tactics (Overflow)


Historically, penetration testers and cyber-defenders have reported to separate management structures. This can hinder good communication between the two teams. We've all heard the saying “Offense Informs Defense.” This should be a bidirectional feedback loop in which the two sides work together to run simulations and educate each other. This concept is often referred to as “Purple Teaming.”

Learning Objectives:
1: Learn how to perform adversarial threat simulation.
2: Learn how to enable communication between red and blue teams.
3: Understand how to map APT phases to a kill chain life cycle.

A background in systems administration, incident response, forensics, network engineering, penetration testing or other similar disciplines.

James Lyne
Chief Technology Officer, SANS Institute

Stephen Sims
Offensive Operations Curriculum Lead and Fellow, SANS Institute
