INTRO TO PURPLE TEAM OPERATIONS

BRIDGING THE GAP BETWEEN OFFENSE AND DEFENSE: MASTER THE ART OF PURPLE TEAM OPERATIONS 

Threat intelligence done right.

This course focuses on using comprehensive threat modeling to determine an adversary's most likely avenue of approach by evaluating and analyzing the unique topology of a network. Students learn to analyze data from the adversary's perspective, looking for pertinent indicators of compromise in endpoints and network appliances, network traffic, and other data sources. This analysis reveals the network infrastructure most likely to be targeted and the gaps in defensive coverage. The course couples offensive security concepts with blue team defensive strategies to make the best use of limited cyber resources, placing them squarely in the path of the would-be attacker.

Course Objective

Intro to Purple Team Operations (TI-II) builds on the concepts introduced in the CIAO TI-I course. Strategic network defense relies on understanding your risks and the likely attack vectors within your environment. Through analysis of the threats and of your own infrastructure, the most pervasive security issues become clear. In this course, students develop a clear picture of the threats that must be prioritized, build a comprehensive strategy for a practical defense-in-depth policy, and apply that strategy to thwarting the most likely cyber attacks.

OVERVIEW

Target audience: This course is designed for technical network defenders tasked with the strategic planning and implementation of their network defense resources.

Prerequisites

Cyber Intelligence Analytics and Operations (CIAO TI-I) strongly recommended

 

Length: Approx 35 Hours of Instruction

 

Completion: Course Certification

Unit 1: Intelligence Driven Operations

  • Module 1.1: Intelligence Operations Overview

    • Planning/Direction

    • Intelligence Driven Operations

    • Collection and Exploitation

    • Analysis and Reporting

  • Module 1.2: Cyber Risk Analysis

    • Analyzing your Target Network

    • System Baselining

    • Determining Likelihood & Impact

  • Module 1.3: Threat Modeling

    • Threat Modeling and Gap Analysis

    • Recon & Enumeration

    • Intrusion, Persistence & Escalation

    • Actions on the Objective

    • Motives and Opportunities (Vulnerabilities)

 

Unit 2: Channeling the Adversary

  • Module 2.1: Historic Attacks

    • Attack Analysis

      • Campaign phases (opportunities for action)

    • Operationalizing Hindsight

    • Introduction to Ethical Hacking

      • Penetration Testing

      • Exploits and Red Teaming

  • Module 2.2: Actioning the Avenue of Approach

    • Testing Current Defenses

    • Pivoting the Attack Campaign

    • Bypassing Defensive Measures

  • Module 2.3: Introduction to Malware Analysis

    • Orientation

    • Sandboxing

    • Content and String Analysis

 

Unit 3: Closing in on the Adversary

  • Module 3.1: Targeted Risk Treatment

    • Prevention

      • Whitelisting/Group Policies

      • Attack Phase Prevention

    • Detection

      • OS Specific Threat Hunting

      • Traffic Analysis

  • Module 3.2: Introduction to Threat Hunting

    • Operational Overview

      • Tools and VMs

    • OS Specific Threat Hunting

    • Hunting on the Network

      • Networking Overview: Protocols and Data

      • Log Analysis vs. Active Data

      • Centralized Logging

  • Module 3.3: Platforms and Reporting

    • Operations Notes

      • Hotwash/After Action

    • Reporting

      • Platforms vs Traditional

Upcoming CIAO Courses


Training Solutions

We offer online and instructor-led training solutions using our own highly adaptive, tailored platform to optimize student learning and retention.

Threat Intelligence Certification Program

Network and Security Fundamentals Course

Introduction to Purple Team Security Operations

Intel driven Digital Forensics Investigations

Intel led Orchestration and Automation (SOAR)

Custom Cybersecurity Training (Contact)