Letthemin: Facilitating High Value Purple Teams Using Assumed Compromise

Sarah Hume

DEF CON 33 · Day 1 · Main Stage

In this DEF CON talk, Sarah Hume, Purple Team Service Lead at Security Risk Advisors, introduces a unique and highly effective strategy for conducting purple team engagements: the **assumed compromise approach**. This methodology challenges traditional security testing paradigms by shifting the focus from proving initial access or exploiting vulnerabilities to rigorously evaluating the efficacy of an organization's existing security tools and controls. Hume argues that by intentionally bypassing early-stage attack vectors and assuming an adversary has already achieved a certain level of access, security teams can gain unparalleled insights into their defensive capabilities against sophisticated, late-stage threats.

AI review

Competent, practitioner-level talk on purple team methodology with a sensible core thesis — test underlying activity, not tool-specific procedures — and a clean DC Sync walkthrough that illustrates the point well. Nothing here will surprise experienced red/blue teamers, but it's coherently argued and actionable for organizations still running purple teams as glorified pentest validation.
