Applied Purple Teaming

Defensive Origins LLC

Section Link
Who Are we? Defensive Origins
Join the Defensive Origins Mailing List Join Mailing List
Upcoming Defensive Origins Training DO Training Schedule
Upcoming BHIS & WWHF Sponsored Training WWHF Training

Course Information

Section Course Section Section Type
H0004 Course Instructors Information
H0010 Course Pre-Requisites Information
H0011 Course Schedule Information
Video Primary: GoTo Webinar Webinar
Chat Discord: Wild West Hackin Fest - APT Chat
DOImage Defensive Origins Background/Wallpaper Bonus

Recordings

Recordings require the links provided below + the provided code.

Video Link Code
APT v8 - Day One Link APPLIEDPURPLERAINDANCE02
APT v8 - Day Two Link APPLIEDPURPLERAINDANCE02
APT v8 - Day Three TBA
APT v8 - Day Four TBA

Course Content

Day One

Section Course Section Section Type
APT0010 Venue Introduction - WWHF Presentation
C0100 Applied Purple Team Course Presentation
C0150 Purple Team and Lifecycle (APTLC) Presentation
APT-REPO Atomic Purple Team - GitHub Resource
C0160 APTLC Ingests Presentation
C0170 APTLC Playbook Presentation
PB0170 APLC Playbook Template (PDF) Playbook
PB0170 APLC Playbook Template (Word) Playbook
C0200 Applied Purple Teaming Lab Infrastructure Presentation, Demo
L0200 Lab Infrastructure Lab
L0250 Package Procurement and Lab Preparation Lab
LABPACK Configuration Packages for Lab Environment Configuration
C0300 Threat Optics Overview Presentation
C0310 Threat Optics 1: Sysmon - Presentation, Demo

DAY TWO

Section Course Section Section Type
L0310 Sysmon Installation and Configuration Lab
C0320 Threat Optics 2: Event Handlers Presentation, Demo
L0320 Event Handler Configuration Lab
C0330 Threat Optics 3: Forwarder / Collector Presentation, Demo
L0330 Collection and Forwarding Lab
C0340 Threat Optics 4: Log Logistics Presentation, Demo
L0340 Log Logistics Lab
L0350 Navigating Kibana Lab
LC1100 LC: Enterprise Recon Presentation
PB1100 Playbook: Enterprise Recon Playbook
LC1110 LC: Windows Security Best Practices Presentation
PB1110 Playbook: AD Best Practices Playbook

DAY THREE

Section Course Section Section Type
LC1120 LC: AD Enumeration Presentation, Demo
L1120-Red Attack: Bloodhound & SharpHound Lab
L1120-Blue Hunt/Defend: BloodHound & SharpHound Lab
PB1120 Playbook: BloodHound Playbook
LC1130 LC: Command and Control Presentation, Demo
L1130-Red Attack: SilentTrinity C2 Lab
L1130-Blue Hunt/Defend: SilentTrinity C2 Lab
PB1130 Playbook: SilentTrinity Playbook
LC1140 LC: Domain Password Spray Presentation, Demo
L1140-Red Attack: Domain Password Spray Lab
L1440-Blue Hunt/Defend: Domain Password Spray Lab
PB1140 Playbook: Domain Password Spray Playbook
LC1150 LC: SMB Poisoning Attack Presentation, Demo

DAY FOUR

Section Course Section Section Type
L1150-Red Attack: SMB Poisoning & Relay Lab
L1150-Blue Hunt/Defend: SMB Poisoning & Relay Lab
L1151-Blue Hunt/Defend: SMB Poisoning & Relay (Packet Capture) Lab
PB1150 Playbook: SMB Poisoning & Relay Playbook
LC1160 LC: NTDS Enumeration Presentation, Demo
L1160-Red Attack: NTDS Enumeration, Password Hashes Lab
LC1170 LC: Kerberoast Detection Presentation, Demo
L1170 Pre-emptive Kerberoast Detection Lab Lab
PB1160 Playbook: NTDS Relay Playbook
LC1200 LC: Adversarial Enumeration - ART Presentation, Demo
L1200-Red Atomic Red Team Lab
L1200-Blue The Hunt for the Atomic Red Team Lab
L9000 Offroad Hunting as Time Permits Presentation, Discussion
BC0108 Applied Purple Teaming - Reference Links Reference

Additional Content

Section Course Section Section Type
APT-Lab-Terraform Applied Purple Teaming Azure Lab Environment - Standalone Build Reference
Cheat-Sheets Cheat-Sheets and Quick References Reference
[APTv8-DigitalBook][APTv8-DigitalBook] Digital copy of the APT v8 Course Content and Labs Ebook

Copyright - All Rights Reserved, Defensive Origins LLC