Enhancing global security posture through uniting red and blue teams with adversary emulation
David Routin
Simon Thoores
Samuel Rossier
BIRMINGHAM—MUMBAI
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Vijin Boricha
Publishing Product Manager: Vijin Boricha
Senior Editor: Tanya D'cruz
Content Development Editor: Yasir Ali Khan
Technical Editor: Arjun Varma
Copy Editor: Safis Editing
Project Coordinator: Shagun Saini
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Production Designer: Shyam Sundar Korumilli
Senior Marketing Coordinator: Hemangi Lotlikar
Marketing Coordinator: Sourodeep Sinha
First published: May 2022
Production reference: 1190522
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80107-429-2
David Routin became interested in computer security at a young age. He started by learning about old-school attack methods and defense against them in the 1990s with Unix/Linux systems. He now has over two decades of experience and remains passionate about both sides of security (offensive and defensive). He has made multiple contributions to the security industry in different forms, from the MITRE ATT&CK framework, the SIGMA project, and vulnerability disclosures (Microsoft) to public event speaking and multiple publications, including articles in the French MISC magazine.
As a security professional, he has held multiple positions, including security engineer, open source expert, CISO, and now security operations center (SOC) and Purple Team manager at e-Xpert Solutions. Over the last 10 years, he has been in charge of building and operating multiple SOCs for MSSPs and private companies in various sectors (including industry, pharma, insurance, finance, and defense).
His domains of expertise are SOC creation, SIEM technologies, use case development, Blue teaming, incident response for large-scale critical incidents, forensics (SANS GCFA/GCIH certifications), and applied norms (ISO 27001 and PCI-DSS company certifications).
Simon Thoores is a cybersecurity analyst who specializes in forensics and incident response. He started his career as a security analyst after obtaining an engineering diploma in information system architecture with a focus on security. He built his forensics and reverse engineering skills during large-scale incident responses, and he finally validated these skills with GCFA. Then, he moved to the threat intelligence field to better understand and emulate attackers in order to improve infrastructure security.
Samuel Rossier is currently SOC lead within a government entity where he focuses on detection engineering, incident response, automation, and cyber threat intelligence. He is also a teaching assistant at the SANS Institute. He was previously responsible for a private bank group CIRT, and also worked as an SOC manager within an MSSP. He also spent several years within a consulting cybersecurity practice.
Samuel currently holds a master's degree in information systems and several information security certifications, including GRID, GMON, eCIR, eCTHP, eCRE, eNDP, and eJPT.
He is also a contributor to the MITRE D3FEND and SIGMA frameworks and likes to speak at conferences and analyze malware. He values a strong emphasis on the people dimension of cybersecurity by sharing knowledge.
Ludovic Paillard is co-founder and CTO at Soluss. He worked for several years as an analyst and engineer in an SOC. Ludovic is also involved in the training of computer science students. He is enthusiastic about data analysis and specializes in the Elastic Stack. His motto is "Make security actionable and accessible to all."
Philip Pieterse is an information security consultant and manager with more than 20 years of experience in network and information security. Philip has led and supported the creation and deployment of penetration testing programs for global customers operating in multiple industries, including government and banking.
He has in-depth experience in developing comprehensive, customized penetration testing programs, including Red Team emulations. As a leader, he is highly skilled in establishing training and mentoring initiatives to cultivate high-performance teams.
Philip holds a master's degree in network and information security and has extensive training and certifications, including GXPN and GCPN through SANS and CISSP from ISC.