Applied Purple Teaming
Infrastructure, Threat Optics, and Continuous Improvement
Defensive Origins Course: APT0602020 June 6, 2020
A Defensive Origins and Black Hills Information Security Collaboration
Who the heck is Defensive Origins? https://defensiveorigins.com/about-us/
Join the Defensive Origins Mailing List: https://register.defensiveorigins.com
Upcoming Defensive Origins Training: https://training.defensiveorigins.com
Upcoming BHIS & WWHF sponsored Training: https://wildwesthackinfest.com/online-training/
Training Schedule
Event | Date | Cost | Registration |
---|---|---|---|
Applied Purple Teaming: Infrastructure, Threat Optics, and Continuous Improvement (4 hrs) | Saturday June 6, 2020 11AM-4PM EDT | FREE! | |
Applied Purple Teaming Full three day course, 5.5 hrs per day. | June 30th - July 2nd 2020 | $395 | Register |
Courseware
Section | Link |
---|---|
APT: Infrastructure, Threat Optics, Continuous Improvement Book | |
C0100-1: APT Course Introduction | |
C0310-1: Event Baselines and Sysmon | |
C0320-1: Event Handlers and Subscriptions | |
C0330-1: Log Shipping and Event Ingests | |
C0150-1: Applied Purple Team Lifecycle / Continuous Improvement | |
Course Content
Component | Information |
---|---|
Course Information | Course Abstract, Objectives, Schedule |
Lab-Build-PreReq | Optional Pre-Req Lab. This includes instructions on setting up the optional lab environment. If you wish to complete the labs during class, have the lab Pre-Reqs completed before class starts. |
DomainBuildScripts | Optional Pre-Req Lab Domain Scripts. Additional information on building the optional lab. |
Lab-GPOs | This section will be covered in class. These are GPOs that are imported into the lab environment |
Lab-Sysmon (Sysmon Batch File, sysmon-modular) | This section will be covered in class. Sysmon batch (bat) file. Note: Due to licensing, it is not possible to include Sysmon in the APT repository. Download Sysmon binaries here: Sysmon - ZIP. Sysmon-Modular (olafhartong) - GIT (included) |
Lab-WEF-Palantir | This section will be covered in class. WEF configuration static repo for APT. Master: palantir/windows-event-forwarding |
Lab-WinLogBeat | This section will be covered in class. WinLogBeat configuration file for lab. Note: Due to licensing, it is not possible to include WinLogBeat in the APT repository. Download WinLogBeat binaries here: WinLogBeats |
Community Provided Additional Configuration
Component | Information |
---|---|
Lab-Template-Vagrant | Vagrant template provided by @ianblenke. NOTE: Defensive Origins has not tested this configuration. |
Copyright - All Rights Reserved, Defensive Origins LLC