Purple Teaming Reloaded: AI, Adversaries & the New SEC599

  • Mon, Aug 25, 2025
  • 10:00AM - 11:00AM EDT
  • English
  • Erik Van Buggenhout
  • Technical Presentation

The updated SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses builds on the course’s strong foundation, while incorporating cutting-edge updates that reflect today’s adversaries, tools, and enterprise environments.

This is not a course reboot but an evolution, shaped by real-world feedback, new threat intelligence, and a desire to deepen critical skill areas like detection engineering, automation, and threat-informed defense.

Still There – Because It Worked

We’ve preserved the key components that made SEC599 stand out:

  1. A strong Cyber Kill Chain and MITRE ATT&CK backbone
  2. Balanced emphasis on prevention, detection, and offense
  3. A capstone “Defend-the-Flag” day that puts skills to the test
  4. Alignment with the GIAC GDAT certification
  5. Deep, hands-on labs built for real-world security practitioners

What’s New and Improved

Foundational Enhancements

  1. Updated threat models using fresh APT case studies
  2. Deeper focus on telemetry: How EDR/XDR solutions generate, structure, and miss telemetry
  3. Expanded detection stack: Now includes XDR, SOAR, NDR, and playbook-driven detection engineering
  4. New emphasis on tiered logging, auxiliary data, and analytics integration with MITRE

Modern Purple Teaming

  1. Fully rewritten purple teaming sections, drawing from content delivered at RSA talks in 2023, 2024 and 2025
  2. Automation of atomic TTPs using Caldera
  3. Terraform-based cyber range: Students can now spin up realistic purple team labs after class ends

Attack Techniques & Payloads

  1. Major updates to PowerShell tradecraft, payload analysis, and phishing delivery methods
  2. Consolidated MFA bypass techniques, with coverage of MFA bombing and token abuse

Persistence, C2 & Threat Hunting

  1. Rewritten persistence and C2 sections with updated tools, examples, and threat hunting strategies
  2. New material on Velociraptor, Defender for Endpoint, Jupyter notebooks, and post-exploitation telemetry

Active Directory and Privilege Escalation

  1. Revamped AD security content: hygiene, attack paths (BloodHound, AD Miner), and updated Kerberos material
  2. Updated sections on Kerberoasting, Silver Ticket, Golden Ticket, Diamond Ticket, and Skeleton Key, with clearer visuals and detection tactics
  3. Lateral movement reorganized around attack path thinking

Threat Intel, Incident Response, and Ransomware

  1. Modernized threat intel & hunting: YARA, PDB paths, import hashes, SOAR/MISP integration
  2. Merged and refreshed ransomware and exfiltration modules, including Purview, double extortion, and real-world case flow

To learn more, explore upcoming sessions, and access your FREE preview of SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses, click here!

Meet the Speaker

Erik Van Buggenhout

Co-Founder & Partner

NVISO co-founder and SANS Senior Instructor, leading cybersecurity education in advanced adversary tactics. Experienced in offensive security with extensive background in penetration testing and ethical hacking across Europe.
