PH - Purple Team - Attack Mapping
| Index | Attack name | Attack Description | Response Expectation | Detected |
|---|---|---|---|---|
| 2. | Nmap scans | We will run nmap scans on the networks | Nmap signatures should get picked up by firewall or IDS/IPS appliances | |
| 8. | New local admin | We will create a local user on one host and add him to administrator's group | User creation and promotion to local admin should get flagged by endpoint logs at the SIEM | |
| 9. | New domain admin | We will create a domain user and add him to Domain Admins group | User creation might go unnoticed but adding to DA group should get flagged | |
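
One way to express the response expectations for items 8 and 9 as detection logic (an added example, not part of the original plan). It uses the Windows Security event IDs 4720 (account created), 4732 (member added to a local group) and 4728 (member added to a global group); the dictionary field names are a hypothetical normalised SIEM schema and the events are constructed samples.

```python
LOCAL_ADMINS_SID = "S-1-5-32-544"   # built-in Administrators group
DOMAIN_ADMINS_RID = "-512"          # Domain Admins is S-1-5-21-<domain>-512

# Constructed sample events in a hypothetical normalised schema (not real logs).
SAMPLE_EVENTS = [
    {"time": 1000, "host": "WS01", "event_id": 4720,
     "account_sid": "S-1-5-21-1-2-3-1105"},
    {"time": 1060, "host": "WS01", "event_id": 4732,
     "account_sid": "S-1-5-21-1-2-3-1105", "group_sid": "S-1-5-32-544"},
    {"time": 2000, "host": "WS02", "event_id": 4732,   # non-admin group, ignored
     "account_sid": "S-1-5-21-1-2-3-1001", "group_sid": "S-1-5-32-555"},
    {"time": 3000, "host": "DC01", "event_id": 4728,   # no creation event seen
     "account_sid": "S-1-5-21-1-2-3-1106", "group_sid": "S-1-5-21-1-2-3-512"},
]

def is_domain_admins(group_sid):
    """True when the SID is a domain SID whose RID is 512 (Domain Admins)."""
    return group_sid.startswith("S-1-5-21-") and group_sid.endswith(DOMAIN_ADMINS_RID)

def detect(events, window=3600):
    """Return alerts as (rule, host, account_sid, recently_created) tuples."""
    created = {}   # account_sid -> time of its 4720 creation event
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        eid, sid = ev["event_id"], ev["account_sid"]
        if eid == 4720:
            created[sid] = ev["time"]
            continue
        group = ev.get("group_sid", "")
        if eid == 4732 and group == LOCAL_ADMINS_SID:
            rule = "new-local-admin"       # plan item 8
        elif eid == 4728 and is_domain_admins(group):
            rule = "new-domain-admin"      # plan item 9
        else:
            continue
        # The group change alerts on its own; a creation event for the same
        # account inside the window is only added context for triage.
        recent = sid in created and ev["time"] - created[sid] <= window
        alerts.append((rule, ev["host"], sid, recent))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The domain admin rule fires even when no creation event was collected, which matches the expectation that user creation may go unnoticed while the group change must not.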