BSides Birmingham 2023

Rethinking Penetration Testing
10-28, 14:00–14:50 (US/Central), Alumni Theater

The current model for traditional penetration testing is broken. Find out the difference between red and purple teams, assumed breach testing, and how to choose the right test to maximize impact.

I believe current model for traditional penetration testing is broken. The typical scan and exploit model doesn’t reflect how real attackers operate after establishing a foothold. Many organizations aren’t mature enough to need or benefit from a proper red team assessment. Organizations are often unsure how to approach a Purple Team.

In this talk, I’ll discuss some of the differences between red teaming, assumed breach testing, and purple teams, highlight the strengths and shortcomings of each, provide guidance to help organizations understand which test is right for them, and provide questions they should be asking themselves and their consultants during the initial contact and scoping phases.

Talk Categories

Red, Blue, Purple

Mike Saunders (@hardwaterhacker) is Red Siege Information Security's Principal Consultant. Mike has over 25 years of IT and security expertise, having worked in the ISP, banking, insurance, and agriculture businesses. Mike gained knowledge in a range of roles throughout his career, including system and network administration, development, and security architecture. Mike is a Black Hat Trainer and is a highly regarded and experienced international speaker with notable cybersecurity talks at conferences such as DerbyCon, Circle City Con, NorthSec, SANS Enterprise Summit, the NDSU Cyber Security Conference, in addition to having more than a decade of experience as a penetration tester. You can find Mike's in-depth technical blogs and tool releases online and learn from his several offensive and defensive-focused SiegeCasts. He has been a member of the NCCCDC Red Team on several occasions and is the Premier Red Team Operator for Red Siege Information Security.