SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Mastering Adversary Emulation with Caldera: A Practical Guide
Watch this in-depth presentation covering topics from understanding the fundamentals of adversary emulation and Caldera's architecture to configuring the platform, running campaigns, and interpreting results. Complete with companion article!
SEC598: Security Automation for Offense, Defense, and Cloud
This course will provide you with:
- Methodology for evaluating real-world scenarios within a combination of on-premise and cloud environments using a reference framework that can be immediately used and implemented in your organization
- Cloud security automation in AWS and Azure
- Skills to properly engineer your environment to apply security automation
- Experience in automating secure configurations and seting a desired-state configuration using tools like Terraform, Ansible, CHEF Puppet, and many more to deploy infrastructure as code in different environments
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
This course will provide you with:
- An understanding of how recent high-profile attacks are delivered and how they could have been stopped
- How to implement security controls throughout all phases of the Cyber Kill Chain, utilizing the MITRE ATT&CK framework, to prevent, detect, and respond to attacks
- Full preparation for the GIAC Defending Advanced Threats (GDAT) certification
SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
You will be able to:
- Build and deploy a full multi-domain enterprise environment
- Implement realistic adversary emulation plans to bolster breach prevention and detection
- Develop custom tools and plugins for existing tools to fine-tune your red and purple teaming activities
- Deliver advanced attacks including application whitelisting bypasses, cross-forest attacks, and stealth persistence strategies
- Build SIGMA rules to detect advanced adversary techniques
- Build a purple team for your organization
GIAC Defending Advanced Threats (GDAT)
The GIAC GDAT certification is unique in how it covers both offensive and defensive security topics in-depth. Holders of the GDAT certification have demonstrated advanced knowledge of how adversaries are penetrating networks, and what security controls are effective to stop them.
Running Your First Purple Team Exercise - An Intro to Purple Teaming
Understanding how to consume Cyber Threat Intelligence, emulate attacks, and use detection engineering to ensure your organization (people, process, and technology) can detect and respond to an attack when it inevitably occurs is the cornerstone of purple teaming. In this video, SANS Purple Team Ambassador, Jorge Orchilles, defines Purple Team, then lays out the steps necessary to running your first Purple Team exercise.
Offense informs defense and defense informs offense.
Digital Poster - Purple Concepts: Bridging the Gap
Packed with resources, references, & examples on Purple Team, this digital poster has tips and tricks for emulation plans covering FIN6, APT28, & APT33, plus tons of info on Red Team and Blue Team tools. Check out our Emulation Star Map and easily jump from concept to content.
Graduate Certificate Program in Purple Team Operations
Designed for working information security professionals, the graduate certificate in Purple Team Operations is a highly technical 15-credit-hour program focused on merging the applied concepts, skills, and technologies used by blue teams (digital defenders) and red teams (digital attackers) - so you can effectively operate and lead at the intersection of those domains, in the current best practice known as purple operations or purple teams.
