Resources: Published reports on how real threat actors operate
Operationalize Purple Teaming with Red Teams and Blue Teams | Information Security Newsletter
Reading published threat reports is a great way to learn how real threat actors operate. The industry is getting better about producing reports that include some degree of mapping to "replay-able" techniques, so that detections can be tested in practice; however, there is still room for improvement.
These reports provide detailed accounts of real threat actor activity:
DFIR Report
APT Groups and Operations https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=1864660085
ORKL
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Mandiant M-Trends 2023
BianLian Ransomware Group
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a
Review and monitor these resources for tactics, techniques and procedures. 😃 Then test those techniques within your own environment to validate that you're getting the telemetry coverage required to detect them.