1-Day Training

Free Workshop: Threat Detection and Hunting with PurpleLabs #2 [16 March]

Duration 1 day
Difficulty intermediate



DISCORD :  https://discord.gg/XM86uPxxBZ

DATE: 16 March 2021 

TIME: 19:00 to 21:00 CET/GMT+1


The first workshop of the PurpleLabs series generated a great deal of interest in the scope of detection and threat hunting!


For the first 5 registrations, Leszek will provide 7 days of full access to the PurpleLabs environment supplied with a set of 60+ hands-on lab instructions in the purple teaming structure.


During the #1 session, we have covered how to get network and OS visibility/telemetry needed for advanced detection with Open Source / free tools. We’ve run few simple hunting examples and demonstrated how to use Sigma / Sentinel rules as hints/guides to learn more in the ‘detection vs attack’ formula.


We need to keep learning how adversaries are operating, so after a good introduction to the subject, it’s time for the next step.
During hands-on session #2*, Leszek is going to demonstrate how to create and simulate chain attack steps:
  • Rundll32 communicating with public IP addresses
  • CMSTP Execution
  • Mshta executing VBScript
  • Disabling Windows Defender / modifying Windows Firewall
  • Suspicious non-browser attempts to access suspicious URL
  • Suspicious scheduled task creation
  • Powershell execution with IP arguments
  • Malicious Named Pipe
  • Suspicious Linux Reverse Shell Command Line
  • Linux kernel space rootkit
  • and more
and provide detection coverage for the tools, techniques, and procedures by using PurpleLabs stack:
  • HELK + ElastAlert
  • Sigma rules
  • Sysmon + Windows Events
  • Splunk
  • ElastiFlow
  • Moloch FPC
  • Suricata IDS
  • Zeek IDS
  • Wazuh
  • Velociraptor
  • OSquery
  • Graylog
  • Falco
  • Syslog

* This is a continuation of the topic from the first session.

For those who want to know more about this hands-on cyber range project, here’s the all-in-one picture:

Key Learning Objectives

  • Find out how Detection / Hunting Open Source Software can support your SOC infrastructure & team.
  • Learn ways to improve detection and sharpen your event correlation skills across many different data sources
  • Generate evil, find the malicious activities, and identify threat details on the network
  • Prepare your SOC team for fast filtering out network noise and allow for better incident response handling
  • Understand values of a manual and automated approach to simulate attackers and generate anomalies

Sign Up For an Account

to track your favorites

Sign Up

Want a Training Not Seen Here?

Write to Us

Contact Us