Purple Team like you’re preparing for war

Had Winston Churchill trained his army to fight the Chinese during the war against Hitler and Germany, he would not have had the success he did. When you saturate a SOC with successfully mitigated alerts to report on, and force your pen-testers to run post-production web app scans continuously, you are training your defence for the wrong enemy and the wrong battle, and setting yourself up for imminent failure.

“Simply running a purple team exercise will train and develop your internal offence and defence like nothing else can.”


“If advanced threat actors want to get in, they’re going to; there is no point “wasting” resources trying to defend against them.”

Well, isn’t that just defeatist. I’m so glad Winston Churchill didn’t have that mindset. “Why bother?” — is not a defence plan. Learn how to fight a new kind of war, and build the machines this new kind of war requires.

Know your enemy

The whole point of having a spy behind enemy lines is to learn about your enemy. Understanding the cultural disposition of the enemy is a huge benefit, and having influence over the cultural development of a nation helps you understand how they will react in the long term. We don’t have the ability to go and knock on Fancy Bear’s cave and ask to shadow them during an operation, but purple teaming (PT) gives us a similar capability. Through the threat intelligence gathering conducted prior to any PT engagement we can learn who may see us as a viable target, what tools they use and what techniques they employ, where they originate from and where they operate, what they aim at, and maybe most importantly why they pick their targets.

Polish Countess Krystyna Skarbek spied for Britain in German-occupied Europe and survived — only to be abandoned by Britain and stabbed to death by a jealous admirer in a London hotel.

Identify your critical assets

WWII gives us a fantastic example of strategic defence. Germany had built an impressive fleet of motorised vehicles and produced an army that was dependent on them. Germany quickly found itself in a tricky situation when it quite literally ran out of oil. The oil-dependent machinery was rendered pretty much useless after Great Britain’s naval blockade in 1940 blocked oil imports from the Americas to Germany. Germany’s Crown Jewel was oil that wasn’t on its own land; it was in the cloud, so to speak, resident on someone else’s computer (or under someone else’s land in this case . . . ). Unsurprisingly, Hitler invested in synthetic oil, and although it helped, it was expensive and slow to produce.

In what was probably a brazen but common-sense move, in 1941 Hitler decided to attack the Soviet Union and attempt to take the oil fields (Caucasus) with the aim of fuelling the war and any later wars. Because Hitler was aware of the Crown Jewels of the Soviet Union, he saw no benefit in attacking Moscow for anything other than vanity. He ordered his generals to invade the Caucasus, but General Franz Halder went against Hitler and invaded Moscow, something that is arguably the pivotal moment that lost the Germans the Second World War. The Soviets anticipated an act of war on their capital and were ready to defend it; furthermore, they anticipated Germany’s need for oil and pushed a small German division out of the oil fields too. The Soviets’ understanding of their own critical assets meant they were in a strong position to defend themselves. Germany’s failure to anticipate the supply line on which its Crown Jewels depended weakened it beyond recovery.

German infantry divisions were dependent on horses to pull their artillery and supplies

Use what resources you have available

The Soviet–Afghan War lasted just short of 10 years, from December 1979 to February 1989. The Soviets and the Afghan government were fighting the US-backed insurgent groups known collectively as the Mujahideen. When the Soviets withdrew, they abandoned many Soviet T-55 tanks in the countryside of Afghanistan. It is now the Afghan military who have recycled these out-of-date relics, cannibalising parts from completely dead tanks to keep the rusty but still functional ones going. Their lone tank battalion is currently used during internal conflicts.

Afghan army using Soviet T-55 tanks

Secure the perimeter

You should have already done this, and most will have, even if only to the standard defaults. Better than a kick in the groin.

Conisbrough castle

Make your workforce your militia

Estonia and Latvia, among others, take training their population to resist an invasion very seriously. Lithuania has issued a ‘civil defense book’ to its population to advise on how to handle a Russian invasion. These are all very recent examples of training your people to increase your chances of success in defence.

Latvian National Guard emblem

POST purple team fun

To add a little war-game spy-thriller pizzazz to the work environment, why not use the output of a purple team exercise to drive the use of deception technologies? This need not be super expensive; creative thinking is key.

From “The Man Who Never Was” (1956)

“Winston Churchill deliberately encouraged spies with corkscrew minds because he knew Hitler thought in straight lines.” [https://youtu.be/hBk3sSUB5X4]

Now I’d love to tell one of the world’s most thrilling wartime deception stories, but I’ll leave that to Evan Andrews, who described it impeccably on behalf of the History channel.

A bit about th4ts3cur1ty.company:

Unlike other providers, we don’t identify areas of weakness and leave; we identify and then harden, or work with your internal teams to harden your defences. We have templates specific to different industries, and we add in very bespoke sections to account for details specific to the customer.

CEO & Co-Founder at th4ts3cur1ty.company & PocketSIEM. Founder and Director of Ladies Hacking Society | Purple teaming enthusiast @Eliza_MayAustin
