Course: Adversary Emulation & Purple Teaming (2022)

In this four-day course, attendees will walk through the Purple Team Exercise Framework, learning each role that plays a part in purple team engagements. Students will learn to collect Cyber Threat Intelligence (CTI), develop and conduct Adversary Emulation plans based on the gathered intelligence, and then dive into detection engineering to identify and resolve missed detection opportunities. Each day is a dive into one of the roles, and the course concludes with a capstone that puts it all together in a purple team engagement. This intermediate-level course aims to broaden students’ understanding of the different roles and responsibilities in purple team engagements and is geared towards red teamers, blue teamers, intelligence analysts, and managers looking to expand their purple team capabilities.

Syllabus

Day 1
Introductions
Module 1: Intro to Purple
Module 2: Threat/Adversary Emulation
Module 3: Intro to Threats
Module 4: Threat Modeling
Module 5: Threat Analysis
Module 6: Emulation Plans
Day 2
Module 7: Exercise Methodologies
Module 8: Testing Tools
Module 9: Capability Management
Module 10: Capability Development
Module 11: Adaptive Emulation
Module 12: Exercise Execution
Day 3
Module 13: Strategic Drivers of Detection Engineering
Module 14: Detection Engineering Process
Module 15: Common Detection Opportunity Types
Day 4
Module 16: An Exercise Framework (PTEF)
Module 17: Capstone Prep
Capstone Project (CTF)

BlackHat – Adversary Emulation & Purple Teaming (2022)