Operation Purple w/Tim Schulz

Instructor: Tim Schulz
Course Length: 16 Hours

Includes: 12 months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

Ever wondered how purple teaming can supercharge your cyber capability? In this 16-hour, hands-on course, attendees will learn the balance between threat understanding and detection understanding needed to run their own purple team exercises. Attendees will start by learning the underlying methodologies that make purple teaming successful, along with metrics for success, before diving into leveraging the ATT&CK framework to create threat-informed emulation plans. Once attendees have successfully built plans, they can leverage tools like SCYTHE or the Slingshot C2 VM to automate the emulation process. Finally, attendees will learn to identify and build detections for their emulated attacks.

KEY TAKEAWAYS

  • Students will learn how to leverage the MITRE ATT&CK framework as part of their daily information security workflow
  • Students will learn how to leverage other resources to inform their adversary emulation testing
  • Students will learn how to incorporate cyber threat intelligence to inform their security testing
  • Students will learn how to build new detections
  • Students will learn how to assess detections
  • Students will learn how to use purple teaming in a strategic roadmap

WHO SHOULD TAKE THIS COURSE

This training is for security analysts, cyber threat intelligence analysts, red teams, and blue teams that want to add more purple teaming to their daily lives.

AUDIENCE SKILL LEVEL

Students should have a basic understanding of red and blue team concepts.

STUDENT REQUIREMENTS

Strong internet connection.

WHAT EACH STUDENT SHOULD BRING

  • Laptop with web browser
  • Remote Desktop Protocol (RDP) client
  • iPads are not recommended, but we have seen it done before

WHAT STUDENTS WILL BE PROVIDED WITH

  • Courseware
  • Purple Team Exercise Framework
  • Adversary Emulation Plans
  • C2 Matrix Virtual Machine
  • Detection rules and cheat sheets

TRAINER & AUTHOR

Tim Schulz is SCYTHE’s Adversary Emulation Lead. He has been helping organizations build and train teams to understand and emulate cyber threats for the last seven years while working at multiple FFRDCs. He is the author of the Purple Maturity Model, and has given talks on purple teaming, adversary emulation, MITRE ATT&CK, and technical leadership.

COURSE SCHEDULE

Tue, July 26, 2022 11:00 AM – 4:00 PM ET

Wed, July 27, 2022 12:00 PM – 4:00 PM ET

Thu, July 28, 2022 12:00 PM – 4:00 PM ET

Fri, July 29, 2022 12:00 PM – 4:00 PM ET


Tue, Aug 23, 2022 11:00 AM – 4:00 PM ET

Wed, Aug 24, 2022 12:00 PM – 4:00 PM ET

Thu, Aug 25, 2022 12:00 PM – 4:00 PM ET

Fri, Aug 26, 2022 12:00 PM – 4:00 PM ET


Tue, Oct 11, 2022 9:00 AM – 5:00 PM MT

Wed, Oct 12, 2022 9:00 AM – 5:00 PM MT

Training Type: In-Person/Virtual

Event: WWHF Deadwood 2022

Copyright © 2021 Antisyphon