Instructor: Tim Schulz
Course Length: 16 Hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

Course Description
Ever wondered how purple teaming can supercharge your cyber capability? In this 16-hour, hands-on course, attendees will learn the balance between threat understanding and detection understanding to run their own purple team exercises. Attendees will start by learning the underlying methodologies that make purple teaming successful and metrics for success before diving into leveraging the ATT&CK framework to create threat informed emulation plans. Once attendees have successfully built plans, they can leverage tools like SCYTHE or the Slingshot C2 VM to automate the emulation process. Finally, attendees will learn to identify and build detections to their emulated attacks.
Key Takeaways
- Students will learn how to leverage the MITRE ATT&CK framework as part of their daily
information security workflow - Students will learn how to leverage other resources to inform their adversary emulation
testing - Students will learn how to incorporate cyber threat intelligence to inform their security
testing - Students will learn how to build new detections
- Students will learn how to assess detections
- Students will learn how to use purple teaming in a strategic roadmap
Who Should Take This Course
This training is for security analysts, cyber threat intelligence analysts, red teams, and blue teams that want to add more purple teaming to their daily lives.
Student Skill Level
Students should have a basic level of understanding of red and blue team concepts
Student Requirements
Strong internet connection.
What Students Should Bring
- Laptop with web browser
- Remote Desktop Protocol (RDP) Client
- iPads not recommended but we have seen it done before
What Students Will Be Provided
- Courseware
- Purple Team Exercise Framework
- Adversary Emulation Plans
- C2 Matrix Virtual Machine
- Detection rules and cheat sheets
Trainer & Author

SCYTHE’s Adversary Emulation Lead, he has been helping organizations build and train teams to understand and emulate cyber threats for the last seven years while working at multiple FFRDCs. He is the author of the Purple Maturity Model, and has given talks on purple teaming, adversary emulation, MITRE ATT&CK, and technical leadership.
Live Training Events
There are no sessions of this course currently on our schedule.
Please keep an eye on the Live Training Calendar page for updates, or Contact Us for a private training session.