Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection

This course is SANS's advanced purple team offering, with a key focus on adversary emulation for data breach prevention and detection. Throughout this course, students will learn how real-life threat actors can be emulated in a realistic enterprise environment, including multiple AD forests. In true purple fashion, the goal of the course is to educate students on how adversarial techniques can be emulated (manual and automated) and detected (use cases/rules and anomaly-based detection). A natural follow-up to SEC599, this is an advanced SANS course offering, with 60 percent of class time spent on labs!

Course syllabus:

  1. Adversary Emulation for Breach Prevention and Detection

  2. Advanced Initial Execution Techniques Threat Actor

  3. Advanced Active Directory Attack Threat Actor

  4. Stealth Persistence Strategies and Turla

  5. Azure AD Attacks

  6. Adversary Emulation Capstone