Purple Team Training Idea

I’m trying to find a constructive way to share the knowledge I gained from the OSCP. I’m brainstorming a purple team training session I might submit to local con’s. During my OSCP, I found some great online offsec labs and resources, but didn’t find any that tie actions to blue team exercise. That’s what this course hopes to address.

We’ll perform basic linux/windows pentesting techniques, then analyze the traffic and alerts we generate. We’ll also discuss OS, network, and security control logs that provide crucial viability during our investigations.

The course is in it’s early stages, but I’ve almost completed the first vulnerable machine. The pilot course will have 3 machines: 2 Windows and 1 Linux.  Once the machines are complete, I’ll look for some volunteers to exploit them. I plan to have participants VPN into my  network, where I have a IPS/IDS/HIDS and NGFW supplying logs to help correlate our attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *