Resources: Published reports on how real threat actors operate

Operationalize Purple Teaming with Red Teams and Blue Teams | Information Security Newsletter

Reading published threat reports is a great way to learn how real threat actors operate. The industry is getting better at producing reports that include some degree of mapping of “replay-able” techniques to practically test detections; however, there is still room for improvement.

The reports provide detailed steps on real threat actor activity:

Review and monitor these resources for tactics, techniques and procedures. 😃 Test those techniques within your environment to validate that you're getting the telemetry coverage required.