Purple Rain

SANS PenTest & HackFest November 2022

From lovely Washington D.C., Laura, alongside her pal Luciano, presented on how the Code42 SecOps team leveraged Stratus Red Team and VECTR to run Purple Team exercises. 

This stack of tools in combination with a Purple Team model enabled efficient generation of high-fidelity security alerts and reduced the time from "pentest success" to "defenses reinforced" to hours rather than weeks or months. 

Stratus Red Team is an open source tool from Datadog that emulates adversary activity in cloud environments. It is particularly proficient at AWS, but its support for Azure and GCP is growing as the community learns of it, finds value in it, and contributes back to the Stratus project.

VECTR is a documentation platform for red/blue or purple team exercises that automatically maps the path to compromise based on inputs defined in the attack model. Teams can take notes on what commands were run, time adversary activity, time blue team response, and collaboratively keep track of exercises in something way better than an unwieldy spreadsheet.


Cloudy with a Chance of Purple Rain