In & Out (Purple Edition) – Detection as Code vs Adversary Simulations

This unique 'Detection as Code vs Adversary Simulations' approach, in a condensed format, raises the level of RED / BLUE / PURPLE knowledge of both experienced specialists and beginners while keeping the tasks engaging and enjoyable - detection does not have to be boring and tedious!

Who Should Attend

  • Red and Blue team members
  • Security / Data Analysts
  • CIRT / Incident Response Specialists
  • Network Security Engineers
  • SOC members and SIEM Engineers
  • AI / Machine Learning Developers
  • Chief Security Officers and IT Security Directors
 

$3,299.00

Duration

3 days

Delivery Method

virtual

Level

advanced

Seats Available

20

Class mode: VIRTUAL LIVE STREAM  


Ask us about upcoming dates!

This special In & Out – Detection as Code vs Adversary Simulations – Purple Edition (Red and Blue on Steroids) is an advanced, fast-track, lab-based training created to give participants:

  • An understanding of why Blue and Red team cooperation matters
  • Advanced detection methods and techniques against exfiltration and lateral movement, including event mapping, grouping, and tagging
  • An understanding of the tactics and behaviors of the adversary after gaining initial access to the network (Linux/Windows)
  • Detection methods for C2 traffic, tunneling, hiding, pivoting and custom, simulated malicious network events
  • The capabilities of many popular open-source tools and their integration with third-party security (IDS/IPS/WAF/EDR/FPC) and analytics solutions against adversary C2-based actions
  • Verification methods and techniques that IT security product and service providers can use for internal testing and PoC / PoV programs

The primary goal of this training is to generate offensive attack events and symptoms within the PurpleLABS infrastructure and then detect them with an open-source SOC stack built around Sigma, the open, vendor-neutral signature format for log events, together with the other dedicated open-source security solutions in use.

Participants will thoroughly familiarize themselves with the content and structure of the available Sigma detection rules, better understand the essence of offensive actions, learn the low-level relationships between data sources, and so learn how to write their own detection rules and, ultimately, how to bypass them.
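As an added example that is not part of the course materials, PurpleLABS, or the Sigma project's own code: a toy Python matcher that evaluates Sigma-style rules (written here as Python dicts mirroring the YAML keys) against constructed process-creation events. It shows the basic rule structure (logsource, named selections, condition), a rule that matches only on the image path, the renamed-binary bypass that slips past it, and a hardened rule that also matches the PE header's OriginalFileName. It supports only a subset of the Sigma specification (contains/startswith/endswith/all modifiers and and/or/not conditions); the rule titles, the sample events and the scenario are assumptions made for illustration.

```python
# Toy Sigma-style matcher. Added example, not code from the course,
# PurpleLABS or the Sigma project; it implements only a subset of the
# Sigma spec (string modifiers contains/startswith/endswith/all, and
# and/or/not conditions with parentheses, no "1 of selection_*" forms).
import re

# Constructed rule, the Python equivalent of this Sigma YAML:
#   detection:
#     selection:
#       Image|endswith: '\whoami.exe'
#     condition: selection
RULE_V1 = {
    "title": "Whoami Execution (image path only)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\whoami.exe"},
        "condition": "selection",
    },
}

# Hardened variant: also matches OriginalFileName, so a renamed copy of
# the binary is still caught (assumed scenario).
RULE_V2 = {
    "title": "Whoami Execution (image path or original file name)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_img": {"Image|endswith": "\\whoami.exe"},
        "selection_orig": {"OriginalFileName": "whoami.exe"},
        "condition": "selection_img or selection_orig",
    },
}

# Constructed sample events with Sysmon Event ID 1 style fields; not real telemetry.
EVENTS = [
    {"id": "e1", "Image": "C:\\Windows\\System32\\whoami.exe",
     "OriginalFileName": "whoami.exe", "CommandLine": "whoami /all"},
    {"id": "e2", "Image": "C:\\Users\\Public\\w.exe",  # renamed copy of whoami.exe
     "OriginalFileName": "whoami.exe", "CommandLine": "w.exe /priv"},
    {"id": "e3", "Image": "C:\\Windows\\System32\\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "CommandLine": "notepad.exe"},
]


def _field_matches(event, key, expected):
    """Match one 'Field|modifier' entry; Sigma string matching is case-insensitive."""
    field, *mods = key.split("|")
    value = str(event.get(field, "")).lower()
    wanted = expected if isinstance(expected, list) else [expected]
    results = []
    for w in wanted:
        w = str(w).lower()
        if "contains" in mods:
            results.append(w in value)
        elif "startswith" in mods:
            results.append(value.startswith(w))
        elif "endswith" in mods:
            results.append(value.endswith(w))
        else:
            results.append(value == w)
    return all(results) if "all" in mods else any(results)


def _selection_matches(event, selection):
    """A mapping ANDs its fields; a list of mappings ORs its entries."""
    if isinstance(selection, list):
        return any(_selection_matches(event, s) for s in selection)
    return all(_field_matches(event, k, v) for k, v in selection.items())


def _eval_condition(condition, truth):
    """Recursive-descent evaluator for conditions such as 'a and not (b or c)'."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            val = expr()
            take()  # consume ')'
            return val
        return truth[tok]

    def term():
        val = factor()
        while peek() == "and":
            take()
            val = factor() and val
        return val

    def expr():
        val = term()
        while peek() == "or":
            take()
            val = term() or val
        return val

    return expr()


def match(rule, event):
    """True if the rule's condition holds for the event."""
    det = rule["detection"]
    truth = {name: _selection_matches(event, sel)
             for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], truth)


def run(rule, events):
    """Return the ids of the events the rule fires on."""
    return [e["id"] for e in events if match(rule, e)]


if __name__ == "__main__":
    print(RULE_V1["title"], "->", run(RULE_V1, EVENTS))  # ['e1']
    print(RULE_V2["title"], "->", run(RULE_V2, EVENTS))  # ['e1', 'e2']
```

RULE_V1 misses event e2 because the only thing it keys on is the on-disk file name, which the attacker controls; RULE_V2 adds a second selection on a field the attacker cannot change as cheaply. Real Sigma rules are converted to a backend query language (for example with the sigma-cli / pySigma tooling) rather than evaluated by hand like this, but the selection/condition semantics are the same.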

Key Learning Objectives

  • Learn ways to improve your detection and event correlation skills across many different data sources
  • Find malicious activities and identify threat details on the network
  • Prepare your SOC team to filter out network noise quickly and handle incident response better
  • Learn current trends, techniques, and tools for network exfiltration and lateral movement
  • Find out how open-source DFIR / IR software can support your SIEM infrastructure
  • Understand the value of DLP / IDS / IPS / FW / WAF / memory forensics against real adversary lab scenarios
  • Understand the value of an automated approach to simulating attackers and generating anomalies
  • Identify blind spots in your network security posture

Prerequisite Knowledge

  • Intermediate command-line experience on Linux and Windows
  • Fundamental knowledge of TCP/IP network protocols
  • Penetration testing experience performing enumeration, exploitation, and lateral movement is beneficial, but not required
  • Basic programming skills are a plus, but not essential
     

What students say about this training

“The content of In and Out was great. Lots of gained knowledge and hands-on!”

“Great course! A truly huge number of topics and tools covered.”

“Leszek was a really good trainer, he covered a lot of material, and had a very good personality.”

“Leszek Miś is very knowledgeable in the topics covered in the course. He also shares real-life scenarios which were useful for participants to better understand the application of the material presented. The contents were very good; it covers many leading open-source projects which I find useful. I would recommend this course to my colleagues.”

Hardware / Software Requirements

  • VPN client installed according to the VPN setup instructions
  • A Slack account; an invite to the dedicated training channel will be sent
  • Stable internet connection
  • Recommended:
    • Zoom client installed
    • An HD camera for 1:1 interaction with the instructor and the other participants
This training is based on dedicated PurpleLABS cloud infrastructure, so there are no special requirements for the student's desktop. No more initial setup issues, just a pure training experience!
