Webcast Mastering Adversary Emulation with Caldera: A Practical Guide

Watch this in-depth presentation covering topics from understanding the fundamentals of adversary emulation and Caldera's architecture to configuring the platform, running campaigns, and interpreting results. Complete with companion article!

SEC598: Security Automation for Offense, Defense, and Cloud

SEC598: Security Automation for Offense, Defense, and Cloud

This course will provide you with:

  • Methodology for evaluating real-world scenarios within a combination of on-premise and cloud environments using a reference framework that can be immediately used and implemented in your organization
  • Cloud security automation in AWS and Azure
  • Skills to properly engineer your environment to apply security automation
  • Experience in automating secure configurations and seting a desired-state configuration using tools like Terraform, Ansible, CHEF Puppet, and many more to deploy infrastructure as code in different environments


SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

This course will provide you with:

  • An understanding of how recent high-profile attacks are delivered and how they could have been stopped
  • How to implement security controls throughout all phases of the Cyber Kill Chain, utilizing the MITRE ATT&CK framework, to prevent, detect, and respond to attacks
  • Full preparation for the GIAC Defending Advanced Threats (GDAT) certification


SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering

You will be able to:

  • Build and deploy a full multi-domain enterprise environment
  • Implement realistic adversary emulation plans to bolster breach prevention and detection
  • Develop custom tools and plugins for existing tools to fine-tune your red and purple teaming activities
  • Deliver advanced attacks including application whitelisting bypasses, cross-forest attacks, and stealth persistence strategies
  • Build SIGMA rules to detect advanced adversary techniques
  • Build a purple team for your organization

GIAC Defending Advanced Threats (GDAT)

The GIAC GDAT certification is unique in how it covers both offensive and defensive security topics in-depth. Holders of the GDAT certification have demonstrated advanced knowledge of how adversaries are penetrating networks, and what security controls are effective to stop them.

Running Your First Purple Team Exercise - An Intro to Purple Teaming

Understanding how to consume Cyber Threat Intelligence, emulate attacks, and use detection engineering to ensure your organization (people, process, and technology) can detect and respond to an attack when it inevitably occurs is the cornerstone of purple teaming. In this video, SANS Purple Team Ambassador, Jorge Orchilles, defines Purple Team, then lays out the steps necessary to running your first Purple Team exercise.

Offense informs defense and defense informs offense.


NEW Digital Poster: Purple Concepts

Packed with resources, references, & examples on Purple Team, this digital poster has tips and tricks for emulation plans covering FIN6, APT28, & APT33, plus tons of info on Red Team and Blue Team tools. Check out our Emulation Star Map and easily jump from concept to content.

Purple Team Resources

    Graduate Certificate Program in Purple Team Operations

    Graduate Certificate Program in Purple Team Operations

    Designed for working information security professionals, the graduate certificate in Purple Team Operations is a highly technical 15-credit-hour program focused on merging the applied concepts, skills, and technologies used by blue teams (digital defenders) and red teams (digital attackers) - so you can effectively operate and lead at the intersection of those domains, in the current best practice known as purple operations or purple teams.

    About Purple Team

    Whether your focus area is Red Team, Blue Team, Cyber Threat Intelligence, Detection and Response, or any other facet of security, organizations need trained professionals who can work efficiently, together as a Purple Team.

    SANS Purple Team Curriculum will teach you how to bring your teams together to test, measure, and improve your security posture. Security professionals are most effective when they understand both offense and defense: offense informs defense and defense informs offense. That balanced understanding of attack and defense is the focus of the SANS Purple Team Curriculum.