BRIDGING THE GAP BETWEEN OFFENSE AND DEFENSE: MASTER THE ART OF PURPLE TEAM OPERATIONS
Threat intelligence done right.
This course focuses on using comprehensive threat modeling to determine an adversary's most likely avenue of approach by evaluating and analyzing the unique topology of a network. Students will learn to analyze data through the lens of cyber adversaries for pertinent indicators of compromise within endpoint and network appliances, traffic analysis, data analysis and more. This analysis will reveal likely target network infrastructure and coverage gaps. The course couples offensive security concepts with blue team defensive strategies to maximize the allocation of cyber resources, placing them squarely in the path of the would-be attacker.
Course Objective
Intro to Purple Team Operations (TI-II) builds on the concepts introduced in the CIAO TI-I course. Strategic network defense relies on understanding your risks and the likely attack vectors within your environment. Through analysis of the threats and your own infrastructure, the most pervasive security issues become clear. In this course, students will develop a clear picture of the threats that must be prioritized, develop comprehensive strategies for building a practical defense-in-depth policy, and apply that strategy to thwarting the most likely cyber attacks.
OVERVIEW
Target audience: This course is designed for technical network defenders tasked with the strategic planning and implementation of their network defense resources.
Prerequisites
Cyber Intelligence Analytics and Operations (CIAO TI-I) strongly recommended
Length: Approx 35 Hours of Instruction
Completion: Course Certification
Unit 1: Intelligence Driven Operations
- Module 1.1: Intelligence Operations Overview
  - Planning/Direction
  - Intelligence Driven Operations
  - Collection and Exploitation
  - Analysis and Reporting
- Module 1.2: Cyber Risk Analysis
  - Analyzing your Target Network
  - System Baselining
  - Determining Likelihood & Impact
- Module 1.3: Threat Modeling
  - Threat Modeling and Gap Analysis
  - Recon & Enumeration
  - Intrusion, Persistence & Escalation
  - Actions on the Objective
  - Motives and Opportunities (Vulnerabilities)
Unit 2: Channeling the Adversary
- Module 2.1: Historic Attacks
  - Attack Analysis
  - Campaign phases (opportunities for action)
  - Operationalizing Hindsight
  - Introduction to Ethical Hacking
  - Penetration Testing
  - Exploits and Red Teaming
- Module 2.2: Actioning the Avenue of Approach
  - Testing Current Defenses
  - Pivoting the Attack Campaign
  - Bypassing Defensive Measures
- Module 2.3: Introduction to Malware Analysis
  - Orientation
  - Sandboxing
  - Content and String Analysis
Unit 3: Closing in on the Adversary
- Module 3.1: Targeted Risk Treatment
  - Prevention
  - Whitelisting/Group Policies
  - Attack Phase Prevention
  - OS Specific Threat Hunting
  - Detection
  - Traffic Analysis
- Module 3.2: Introduction to Threat Hunting
  - Operational Overview
  - Tools and VMs
  - OS Specific Threat Hunting
  - Hunting on the Network
  - Networking Overview: Protocols and Data
  - Log Analysis vs. Active Data
  - Centralized Logging
- Module 3.3: Platforms and Reporting
  - Operations Notes
  - Hotwash/After Action
  - Reporting
  - Platforms vs Traditional
Upcoming CIAO Courses
- Access granted once registered; Online, Self-Paced Training. Learn the facets of intelligence analysis and how to utilize it to perform ongoing cyber operations to scrutinize intrusions and conduct proactive investigations. This class is available online for 60 days from registration with weekly live cohorts & concludes with a certificate of training.
- Tue, Jan 18, 2022, 8:00 AM MST – Jan 22, 2022, 4:00 PM MST; Live Virtual, Instructor-Led. In this course, students will develop a clear picture of the threats that must be prioritized, develop comprehensive strategies for how to develop a practical defense in depth policy & apply that strategy to thwarting the most likely cyber attacks.
- Multiple dates: Mon, Jan 03, 2022, 8:00 AM MST – Feb 23, 2022, 4:00 PM MST; Every Monday & Wed for 8 Weeks, Virtual. Bootcamp style course to learn the networking and security foundations necessary to begin a career in Cybersecurity. Every Monday and Wednesday for a period of 8 Weeks. Prepares students for industry standard certifications such as Net+/Sec+.
- Tue, Jan 05, 2021, 8:30 AM – Feb 23, 2021, 4:30 PM; Boise, ID, USA. Bootcamp style course to learn the networking and security foundations necessary to begin a career in Cybersecurity. Every Monday and Wednesday for a period of 8 Weeks. Prepares students for industry standard certifications such as Net+/Sec+.
- Tue, Sep 15, 2020, 8:30 AM MDT – Sep 26, 2020, 4:30 PM MDT; Zoom Virtual Event.
- Mon, Jun 22, 2020, 9:00 AM MDT – Jun 26, 2020, 5:00 PM MDT; Virtual Instructor Led Training. Learn the facets of intelligence analysis and how to utilize it to perform ongoing cyber operations to scrutinize intrusions and conduct proactive investigations. This class is 5 days of instructor-led training and concludes with a certificate of training.
- Mon, May 18, 2020, 8:30 AM MDT – May 22, 2020, 4:30 PM MDT; Virtual Instructor Led Training. Learn the facets of intelligence analysis and how to utilize it to perform ongoing cyber operations to scrutinize intrusions and conduct proactive investigations. This class is 5 days of instructor-led training and concludes with a certificate of training.
- Mon, Apr 27, 2020, 8:30 AM MDT – May 01, 2020, 5:30 PM MDT; Online, Virtual Instructor-Led Training. Learn the facets of intelligence analysis and how to utilize it to perform ongoing cyber operations to scrutinize intrusions and conduct proactive investigations. This class is 5 days of instructor-led training and concludes with a certificate of training.
- Tue, Jan 07, 2020, 7:30 AM – Jan 11, 2020, 4:30 PM; Boise, ID, USA.
- Tue, Nov 26, 2019, 8:30 AM MST – Nov 30, 2019, 4:30 PM MST; Boise, ID, USA.
- Tue, Oct 22, 2019, 8:30 AM MDT – Oct 26, 2019, 4:30 PM MDT; Boise, ID, USA.
Training Solutions
We offer online and instructor-led training solutions using our own highly adaptive, tailored platform to optimize student learning and retention.
Threat Intelligence Certification Program
Network and Security Fundamentals Course
Introduction to Purple Team Security Operations
Intel driven Digital Forensics Investigations
Intel led Orchestration and Automation (SOAR)
Custom Cybersecurity Training (Contact)