Applied Purple Teaming is for you if: 

  • You want to improve the efficiencies of your red and blue teams
  • You have interest in threat optics 
  • You want to implement a methodology for improving business processes around your security culture
  • Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives 
  • You feel like your HR, Marketing, CISO, and IT Operations need to come together to discuss information security collaboratively 

The Nitty Gritty: 

This course will deep dive into what we call threat optics: auditing endpoints, centralizing logs, and visualizing results. Each student will leave the class having experienced a penetration test through three distinct perspectives each building on the previous. This will be done by performing a series common adversarial attacks (the Red Team) followed by an examination of defensive postures and detection methodology using open-source or free industry threat detection and defenses (the Blue Team). Finally, each of these attack / defend / hunt cycles will wrap up with reporting and communication methodology that drive inter-department collaboration and produce immediate actions for all stakeholders (the Purple Team)!


  • Exposure to Active Directory
  • Access to an Azure Subscription for this lab environment

Common Questions: 

Q. What are the dates of your next training?
A.  The best way to know when we will be offering Applied Purple Teaming is to sign up for our email list (we rarely email, though, so you’ll know it’s important when we do). 
Q. Is the course live? 
A. Yes, it is live and typically is 4 hours per day for 4 days, unless we are doing a custom training (hours vary depending on the team we are training). 
Q. Are there hands-on labs?
A. Absolutely! That’s half the fun!

Still not sure if you’re ready to join? 

Check out our Atomic Purple Team Framework & Life Cycle webcast we recently recorded with Black Hills Information Security: