Follow-up Article to Our Webcast Series
Cyber threat intelligence should drive detection engineering to ensure coverage of real-world threats targeting your organization. In this article we discuss how and why Detection Engineering is a critical process in Purple Team Exercises and Operationalized Purple Teaming as a follow-up to our recent Purple Team webcasts.
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
This course will provide you with:
- An understanding of how recent high-profile attacks are delivered and how they could have been stopped
- How to implement security controls throughout all phases of the Cyber Kill Chain, utilizing the MITRE ATT&CK framework, to prevent, detect, and respond to attacks
- Full preparation for the GIAC Defending Advanced Threats (GDAT) certification
SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
You will be able to:
- Build and deploy a full multi-domain enterprise environment
- Implement realistic adversary emulation plans to bolster breach prevention and detection
- Develop custom tools and plugins for existing tools to fine-tune your red and purple teaming activities
- Deliver advanced attacks including application whitelisting bypasses, cross-forest attacks, and stealth persistence strategies
- Build SIGMA rules to detect advanced adversary techniques
- Build a purple team for your organization
GIAC Defending Advanced Threats (GDAT)
The GIAC GDAT certification is unique in how it covers both offensive and defensive security topics in depth. Holders of the GDAT certification have demonstrated advanced knowledge of how adversaries penetrate networks and which security controls are effective at stopping them.
Running Your First Purple Team Exercise - An Intro to Purple Teaming
Understanding how to consume Cyber Threat Intelligence, emulate attacks, and use detection engineering to ensure your organization (people, process, and technology) can detect and respond to an attack when it inevitably occurs is the cornerstone of purple teaming. In this video, SANS Purple Team Ambassador Jorge Orchilles defines Purple Team, then lays out the steps necessary to run your first Purple Team exercise.
Offense informs defense and defense informs offense.
NEW Digital Poster: Purple Concepts
Packed with resources, references, & examples on Purple Team, this digital poster has tips and tricks for emulation plans covering FIN6, APT28, & APT33, plus tons of info on Red Team and Blue Team tools. Check out our Emulation Star Map and easily jump from concept to content.
Purple Team Resources
Graduate Certificate Program in Purple Team Operations
Designed for working information security professionals, the graduate certificate in Purple Team Operations is a highly technical 15-credit-hour program focused on merging the applied concepts, skills, and technologies used by blue teams (digital defenders) and red teams (digital attackers), so you can effectively operate and lead at the intersection of those domains, in the current best practice known as purple operations or purple teams.
About Purple Team
Whether your focus area is Red Team, Blue Team, Cyber Threat Intelligence, Detection and Response, or any other facet of security, organizations need trained professionals who can work efficiently together as a Purple Team.
SANS Purple Team Curriculum will teach you how to bring your teams together to test, measure, and improve your security posture. Security professionals are most effective when they understand both offense and defense: offense informs defense and defense informs offense. That balanced understanding of attack and defense is the focus of the SANS Purple Team Curriculum.