Jorge Orchilles and Tim Schulz for a three-hour Hands-On Purple Team Exercise Workshop!
***Use a real email address***
In this three-hour hands-on workshop, you will play the roles of Cyber Threat Intelligence, the red team, and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise.
Learn the basics of Command and Control (C2)
Consume Cyber Threat Intelligence from a known adversary
Extract adversary behaviors/TTPs
Play the Red Team by creating adversary emulation plans
Emulate the adversary with SCYTHE 3.2 in a small environment consisting of a domain controller, member server, and a Linux system
Play the Blue Team and look for Indicators of Compromise
Use Wireshark to identify heartbeat and jitter
Enable Sysmon configurations to detect adversary behavior
All mapped to MITRE ATT&CK
What do you need?
All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download, read, and watch the free Purple Team Exercise Framework (PTEF) and webcast:
How will it work?
We are using the VMware learning platform to give everyone their own isolated environment. This means we need your real email address at registration so we can provision your environment before the start of the workshop.