Applied Purple Teaming – How to build a Purple Team Lab with Kent and Jordan (4 hours)

This is an edited recording of the June 6, 2020, 4-hour online training workshop: Applied Purple Teaming: Infrastructure, Threat Optics, and Continuous Improvement with Kent Ickler and Jordan Drysdale (4 hours)

For slides, labs, resources: https://github.com/DefensiveOrigins/APT06202001

New blog post with additional information: https://www.blackhillsinfosec.com/how-to-deploy-windows-optics-commands-downloads-instructions-and-screenshots/

0:00 – I heard we were good
2:31 – Course targets
4:53 – Course components
6:59 – Applied Purple Teaming Course Matrix
12:41 – Endpoint Optics Sysmon Audit Policy
14:09 – What is Sysmon
37:49 – Audit Policy
38:59 – Windows Event Collection
46:45 – We have some questions
1:01:08 – Break time 01
1:11:40 – Back to work
1:13:25 – Event Handler WEC/WEF event subscriptions
2:06:10 – I’ll take a break for questions (Break Time 02)
2:18:11 – Ingestors for log shipping events
2:36:17 – Further questions
3:00:32 – Break 03
3:13:06 – Back to work
3:26:42 – Atomic Purple Team / APT Lifecycle
3:46:22 – Final questions and thoughts

Build your own Purple Team lab in 4 hours (or less!).
Implementing Sysmon with modular configuration
Configure and launch meaningful monitoring policies
Deploying the WEF/WEC event capture model
Install WinLogBeat to transfer logs to …
The Hunting Elk (HELK)

Join the BHIS Discord channel to ask questions about the labs or training: https://discord.gg/aHHh3u5
(Use the channel for training preparation questions)

Kent Ickler and Jordan Drysdale will be leading a paid ($395) 3-day training course on Applied Purple Teaming (5.5 hours per day, 16.5 hours total) from June 30 to July 2. More information: https://wildwesthackinfest.com/online-training/applied-purple-teaming/

Please send your questions, comments and feedback to: [email protected]
