SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering

  • Build realistic adversary emulation plans to better protect your organization.
  • Deliver advanced attacks, including application whitelisting bypasses, cross-forest attacks (abusing delegation), and stealth persistence strategies.
  • Build SIGMA rules to detect advanced adversary techniques.

Overview

Off the shelf (OTS)

SEC699 is SANS's advanced purple team offering, with a key focus on adversary emulation for data breach prevention and detection. Throughout this course, students will learn how real-life threat actors can be emulated in a realistic enterprise environment, including multiple AD forests. In true purple fashion, the goal of the course is to educate students on how adversarial techniques can be emulated (manual and automated) and detected (use cases / rules and anomaly-based detection). A natural follow-up to SEC599, this is an advanced SANS course offering, with 60 percent of class time spent in 29 hands-on labs!

Delivery method

  • Face to face
  • Virtual
  • Digital

Course duration

42 hours

Competency level

Expert
