Red/blue exercises are fascinating. A few times a year, governments and enterprises - the ones who can afford these advanced security practices - coordinate a multi-week event in which the red team attacks a specific part of the organization while the blue team defends. The goal is to simulate a real-world attack in order to prove whether the defensive tools and practices actually work - or not.
These events are infrequent and expensive. But what if they weren't? Most organizations run some type of blue team "agent" on workstations and servers. These agents come in many flavors - AV, EDR, XDR, … - but they are only stress-tested in realistic ways when the red team comes to town. That's because the blue agent is only one half of the equation: there also needs to be a "red agent" on each workstation to continuously test the efficacy of the defense.
In this talk, you’ll learn how to run red/blue exercises on any endpoint in your organization. But this is not a continuous red teaming talk. This is a defense-in-depth talk where you'll learn how to test the efficacy of your defense or even how non-security people at your organization react when faced with an adversary.