Synopsis
In this presentation we describe how the concept of Kali Purple as an open source cyber defence platform evolved from the 2022 AISA CyberCon into an official kali.org product by March 2023. We describe the capabilities of Kali Purple, the range of tools that ship with the workstation, and the server-based cybersecurity tools that have been installed on Kali Purple, including the ELK Stack, OpenCTI, OpenTAXII, Velociraptor, Malcolm, Archimate and many more. In addition, we present the Kali Purple reference architecture, which provides a complete open source SOC-in-a-box solution.
We describe in particular the Personal Cyber Range use case, built on a single NUC using Proxmox, Kali and Kali Purple. The range includes target servers and a tool called kali-autopilot, which is used to automate attack scripts. Its purpose is to let the attacks be monitored and diagnosed using the Kali Purple cyber defence (SIEM, incident response and threat hunting) tools.
We describe the use of the Idaho National Laboratory (INL) threat hunting toolset, Malcolm, and demonstrate how it is used to analyse pcaps, hunting for signs of attack. We run through an industrial control system attack scenario and demonstrate how Malcolm is used to quickly identify the attacker and diagnose the type of attack that was mounted.
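The pcap hunt described above, as an added example that is not part of the Kali Purple project or the Malcolm toolset: a standalone Python script that reads a classic pcap, decodes Modbus/TCP requests on port 502, and flags any write function code (coil or register writes) sent from a host that is not in an assumed asset inventory of permitted writers. Malcolm does far more than this, but the same question, "who wrote to the PLC, and were they supposed to?", is the one an analyst asks first in an ICS scenario. The pcap, the IP addresses and the allowed-writer inventory are all constructed for the example.

```python
"""Hunt a pcap for Modbus/TCP write requests from unexpected hosts (added example)."""
import struct

# Assumed asset inventory for the example range: only this engineering workstation
# is expected to issue Modbus write requests. Hypothetical address, not from the talk.
ALLOWED_WRITERS = {"10.0.0.10"}
MODBUS_PORT = 502
# Modbus function codes that change PLC state; reads such as 0x03 are ignored
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Ethernet/IPv4/TCP frame with zeroed MACs and checksums (constructed test data)."""
    eth = bytes(12) + b"\x08\x00"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         _ip(src_ip), _ip(dst_ip))
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip_hdr + tcp_hdr + payload


def modbus_request(tid, unit, func, data):
    """MBAP header (transaction id, protocol 0, length, unit id) followed by the PDU."""
    pdu = bytes([func]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def build_pcap(frames):
    """Classic pcap: little-endian global header, LINKTYPE_ETHERNET (1), one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(pcap):
    """Yield (timestamp, frame bytes) from a classic pcap, honouring its byte order."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield ts, pcap[off:off + incl]
        off += incl


def parse_modbus_request(frame):
    """Return (src_ip, dst_ip, unit_id, function_code) for a Modbus/TCP request, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # too short or not IPv4
        return None
    ip = frame[14:]
    ip = ip[:struct.unpack("!H", ip[2:4])[0]]            # drop any Ethernet padding
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                       # not TCP
        return None
    tcp = ip[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    payload = tcp[(tcp[12] >> 4) * 4:]
    if dport != MODBUS_PORT or len(payload) < 8:
        return None
    _, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:         # MBAP length covers unit id + PDU
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    return src, dst, unit, payload[7]


def hunt_unexpected_writes(pcap, allowed_writers=ALLOWED_WRITERS):
    """Flag Modbus write requests whose source is not in the allowed-writer inventory."""
    findings = []
    for ts, frame in iter_packets(pcap):
        parsed = parse_modbus_request(frame)
        if parsed is None:
            continue
        src, dst, unit, func = parsed
        if func in WRITE_FUNCTIONS and src not in allowed_writers:
            findings.append({"ts": ts, "src": src, "dst": dst, "unit": unit,
                             "function": func, "name": WRITE_FUNCTIONS[func]})
    return findings


# Constructed capture: an HMI polling, the engineering workstation writing a setpoint,
# an attacker forcing a coil and rewriting registers, and some unrelated HTTP traffic.
PLC, HMI, EWS, ATTACKER = "10.0.0.50", "10.0.0.20", "10.0.0.10", "10.0.0.66"
SAMPLE_PCAP = build_pcap([
    build_frame(HMI, PLC, 40001, 502, modbus_request(1, 1, 3, b"\x00\x00\x00\x0a")),
    build_frame(EWS, PLC, 40002, 502, modbus_request(2, 1, 6, b"\x00\x10\x01\xf4")),
    build_frame(ATTACKER, PLC, 40003, 502, modbus_request(3, 1, 5, b"\x00\x01\xff\x00")),
    build_frame(ATTACKER, PLC, 40004, 502,
                modbus_request(4, 1, 16, b"\x00\x10\x00\x02\x04\x00\x00\x00\x00")),
    build_frame(HMI, "10.0.0.5", 40005, 80, b"GET / HTTP/1.0\r\n\r\n"),
])

if __name__ == "__main__":
    for f in hunt_unexpected_writes(SAMPLE_PCAP):
        print(f"{f['ts']} {f['src']} -> {f['dst']} unit {f['unit']}: "
              f"function {f['function']} ({f['name']})")
```

Run against a real capture, replace SAMPLE_PCAP with the bytes of the file and ALLOWED_WRITERS with the site's engineering hosts; the read from the HMI and the write from the permitted workstation pass silently, and only the two writes from 10.0.0.66 are reported. The inventory check is the point: on a control network, a write from an unexpected source is a stronger signal than any signature on the payload.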
While the initial set of tools installed on Kali Purple focused primarily on security operations, we describe how we are now building out Kali Purple with advanced data management tools such as Valkey and governance tools such as Archimate and Modelio, extending the use of Kali Purple from purely cyber defence into the wider IT space.