Ever wondered how purple teaming can supercharge your cyber capability? In this 16-hour, hands-on course, attendees will learn the balance between threat understanding and detection understanding to run their own purple team exercises. Attendees will start by learning the underlying methodologies that make purple teaming successful and metrics for success before diving into leveraging the ATT&CK framework to create threat-informed emulation plans. Once attendees have successfully built plans, they can leverage tools like SCYTHE or the Slingshot C2 VM to automate the emulation process. Finally, attendees will learn to identify and build detections for their emulated attacks.
- Students will learn how to leverage the MITRE ATT&CK framework as part of their daily information security workflow
- Students will learn how to leverage other resources to inform their adversary emulation
- Students will learn how to incorporate cyber threat intelligence to inform their security
- Students will learn how to build new detections
- Students will learn how to assess detections
- Students will learn how to use purple teaming in a strategic roadmap
WHO SHOULD TAKE THIS COURSE
This training is for security analysts, cyber threat intelligence analysts, red teams, and blue teams that want to add more purple teaming to their daily lives.
AUDIENCE SKILL LEVEL
Students should have a basic understanding of red and blue team concepts.
Strong internet connection.
WHAT EACH STUDENT SHOULD BRING
- Laptop with web browser
- Remote Desktop Protocol (RDP) Client
- iPads not recommended but we have seen it done before
WHAT STUDENTS WILL BE PROVIDED WITH
- Purple Team Exercise Framework
- Adversary Emulation Plans
- C2 Matrix Virtual Machine
- Detection rules and cheat sheets
TRAINER & AUTHOR
Tim Schulz is SCYTHE’s Adversary Emulation Lead. He has been helping organizations build and train teams to understand and emulate cyber threats for the last seven years while working at multiple FFRDCs. He is the author of the Purple Maturity Model, and has given talks on purple teaming, adversary emulation, MITRE ATT&CK, and technical leadership.