I’m almost done with my purple team exercises… it’s been quite a challenge. The red team portion takes me around 2-3 hours, and I expect the blue team exercises to take about the same time. Today I was able to run through each machine command by command and complete the challenges without issue. I have full packet captures of my attacks, so the next step is replaying everything and finding evidence of my interactions. This won’t be the first time I gather this info, so I expect the final draft to come together quickly.
Once I complete the blue team write-ups, I’ll finalize my PowerPoint presentation and schedule the session with my SDSC team. I might shoot videos of me going through the packet captures, but that will come after I deliver the presentation. I want to focus on Splunk as a SIEM for this presentation; I might have an opportunity to present at Conf.2018 and want to capitalize on it. Hoping my next post is me preparing to deliver the exercises to my team! 🙂