“SnapAttack: Purple Team Collaboration Platform” was co-hosted on May 11, 2021

Abstract: Never has sharing critical threat intelligence and actionable detection analytics been more vital. Unfortunately, hackers are able to modify their TTPs faster than defenders can respond. During this technical talk, Booz Allen Hamilton (BAH) subject matter experts, including the co-creator of SnapAttack, shared their approach to dramatically increasing the detection engineering lifecycle, which results in more robust behavioral analytics. Using the backdrop of a recent ransomware attack analysis, they showed how they leveraged both open source and proprietary code in SnapAttack to enable threat intel, red teams and blue teams to develop, test and deploy analytics across industries.

Presenters:

Clayton Barlow-Wilcox currently leads a team focused on incubating cyber capabilities and products across the BAH ecosystem. He has previously led teams that design, implement, and operate next-gen cybersecurity capabilities to address threats, controls, and risk in new and innovative ways for global clients. He previously held cybersecurity and risk management positions at large organizations, multiple startups, and has advised executive leadership across legal, financial, and healthcare sectors as an outside consultant. Most recently, Clayton has focused on driving client success and delivery within BAH’s Dark Labs with a focus on cyber defense operations.

Tim Nary is the offensive security research lead at Dark Labs, an elite R&D group within BAH that generates next-gen cybersecurity capabilities. As the co-founder of SnapAttack, his team built the first purple teaming platform to enable technical collaboration between red, blue, and threat intelligence teams. While at BAH, Mr. Nary has performed numerous penetration tests and red team engagements for commercial and government clients. He has a passion for offensive development and red team tradecraft, as well as participating in bug bounty programs and capture the flags.