SANS Purple Team

Purple Team Training and Certification

SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

This course will provide you with:

  • An understanding of how recent high-profile attacks are delivered and how they could have been stopped
  • How to implement security controls throughout all phases of the Cyber Kill Chain, utilizing the MITRE ATT&CK framework, to prevent, detect, and respond to attacks
  • Full preparation for the GIAC Defending Advanced Threats (GDAT) certification


SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection

You will be able to:

  • Build and deploy a full multi-domain enterprise environment
  • Implement realistic adversary emulation plans to bolster breach prevention and detection
  • Develop custom tools and plugins for existing tools to fine-tune your red and purple teaming activities
  • Deliver advanced attacks including application whitelisting bypasses, cross-forest attacks, and stealth persistence strategies
  • Build SIGMA rules to detect advanced adversary techniques
  • Build a purple team for your organization

GIAC Defending Advanced Threats (GDAT)

The GIAC GDAT certification is unique in how it covers both offensive and defensive security topics in depth. Holders of the GDAT certification have demonstrated advanced knowledge of how adversaries are penetrating networks and what security controls are effective to stop them.

Graduate Certificate Program in Purple Team Operations

Designed for working information security professionals, the graduate certificate in Purple Team Operations is a highly technical 15-credit-hour program focused on merging the applied concepts, skills, and technologies used by blue teams (digital defenders) and red teams (digital attackers) - so you can effectively operate and lead at the intersection of those domains, in the current best practice known as purple operations or purple teams.

About Purple Team

Why a Purple Team? Although they share a common goal, blue teams and red teams are often not well-aligned, which leads to organizations underutilizing their team’s expertise. Think of the Purple Team as a concept aimed at bringing the red and blue teams together to create purple team exercises.

Red teams and blue teams should be encouraged to work as a joint team, to share insights beyond just reporting, to create a strong feedback loop, and to look for detection and prevention controls that can realistically be implemented for immediate improvement.