Applied Purple Teaming

Infrastructure, Threat Optics, and Continuous Improvement

Defensive Origins Course: APT0602020 June 6, 2020

A Defensive Origins and Black Hills Information Security Collaboration

Training Schedule
Courseware
Course Content

Who he heck is Defensive Origins? https://defensiveorigins.com/about-us/<BR> Join the Defensive Origins Mailing List: https://register.defensiveorigins.com
Upcoming Defensive Origins Training: https://training.defensiveorigins.com<BR> Upcoming BHIS & WWHF sponsored Training: https://wildwesthackinfest.com/online-training/

Training Schedule

Event	Date	Cost	Registration
Applied Purple Teaming: Infrastructure, Threat Optics, and Continuous Improvement (4 hrs) <P>Self Hosted Labs Environment	Saturday June 6, 2020 11AM-4PM EDT	FREE! Sponsored by BHIS & WWHF	<P> Course Information
Applied Purple Teaming Full three day course, 5.5 hrs per day.<P> Defensive Origins Hosted Lab Environment	June 30th - July 2nd 2020	$395 Sponsored by BHIS & WWHF	Register <P>Course Information

Courseware

Section	Link
APT: Infrastructure, Threat Optics, Continuous Improvement Book	PDF
C0100-1: APT Course Introduction	PDF
C0310-1: Event Baselines and Sysmon	PDF
C0320-1: Event Handlers and Subscriptions	PDF
C0330-1: Log Shipping and Event Ingests	PDF
C0150-1: Applied Purple Team Lifecycle / Continuous Improvement	PDF

Course Content

Component	Information
Course Information	Course Abstract, Objectives, Schedule
Lab-Build-PreReq	Optional Pre-Req Lab This includes instructions on setting up the optional lab-environment. If you wish to complete the labs during class, have the lab Pre-Reqs completed before class starts.
DomainBuildScripts	Optional Pre-Req Lab Domain Scripts Additional information on building the optional lab Master: DefensiveOrigins/DomainBuildScripts
Lab-GPOs	This section will be covered in class. These are GPOs that are imported into the lab environment
Lab-Sysmon Sysmon Batch Fule sysmon-modular	This section will be covered in class. Sysmon batch (bat) file.<BR> Note: Due to licensing, it is not possible to include sysmon in the APT repository. Download Sysmon binaries here: Sysmon - ZIP<P>Sysmon-Modular (olafhartong) - GIT (included)
Lab-WEF-Palantir	This section will be covered in class. WEF configuration static repo for APT. Master: palantir/windows-event-forwarding
Lab-WinLogBeat	This section will be covered in class. WinLogBeat configuration file for lab. Note: Due to licensing, it is not possible to include WinLogBeat in the APT repository. Download WinLogBeat binaries here: WinLogBeats

Community Provided Additional Configuration

Component	Information
Lab-Template-Vagrant	Vagrnat template provided by @ianblenke NOTE: Defensive Origins has not tested this configuration.

APT06202001
APT06202001 copied to clipboard

Metadata

Applied Purple Teaming

Infrastructure, Threat Optics, and Continuous Improvement

Defensive Origins Course: APT0602020 June 6, 2020

Training Schedule

Courseware

Course Content

Community Provided Additional Configuration

← Metadata

Owner

Metadata

APT06202001 APT06202001 copied to clipboard

Metadata

Applied Purple Teaming

Infrastructure, Threat Optics, and Continuous Improvement

Defensive Origins Course: APT0602020 June 6, 2020

Training Schedule

Courseware

Course Content

Community Provided Additional Configuration

← Metadata

Owner

Metadata

APT06202001
APT06202001 copied to clipboard