Purple Team Security Assessment of Firmware Vulnerabilities

The purple team concept in offensive and defensive security is related to a set of methods, processes or activities that will combine red and blue team to cooperate in order to create a solid security operations team for improving due-care and due-diligence policies in a company or institution. The accelerated evolution of communication technologies that reached also industrial areas, as well as the complexity rising of new security threats have led to the need of security assessment at component and system level. In this paper we present the purple team methodology illustrated by a firmware security analysis of a communication component form the red team perspective, presenting also an analysis report of the threat related information that we were able to collect. We conclude by proposing recommendations for mitigating attacks from the blue team perspective and presenting the integrative approach of the purple team.