Class Title: Atomic Purple Team Framework in Azure - Deploy, Attack, Detect, Defend
Defensive Origins was invited to present a 2-hour workshop at Defcon 28 - Safe Mode for the Red Team Village. The scheduled time for the workshop was August 9th, 2:00 PM MST.
- About The Instructors
- The 4 Day / 16 Hour Course:
- Slide Decks
- Workshop Tooling
- Published Recording
- License
Jordan Drysdale | Kent Ickler |
---|---|
Twitter: @Rev10D LinkedIn: Jordan Drysdale Discord: Rev10D | Twitter: KRelkci LinkedIn: Kent Ickler Discord: Relkci |
- Find our 4-day / 16 Hour Training ($495): Defensive Origins Training
Section | Link |
---|---|
Intro and Atomic Purple Team Lifecycle | DCSM0010-AtomicPurpleTeamLifecycle |
Threat Optics | DCSM0020-ThreatOptics |
Azure Lab Build | DCSM0025-BuildLabEnvironment |
Attack, Hunt/Detect, Defend Workshop Labs | DCSM0030-Workshop-Labs |
Component | |
---|---|
Defensive Origins Github | Defensive Origins - GitHub |
APT - Azure Terraform Programming | Applied Purple Teaming Threat Optics Lab - Azure Terraform |
APT - Fast Optics Build Scripts | Applied Purple Teaming Threat Optics Lab - Fast Optics Stack |
APT - Additional Lab Components | Atomic Purple Team Framework APT LabPack |
- OlafHartong: Sysmon Modular
- Microsoft: Sysmon
- Mark Russinovich: Explanation of EventID 23
- Microsoft: Windows Event Forwarding
- Microsoft: Windows Event Forwarding Survival Guide
- NSA: Event Forwarding Guidance
- NSA: Windows Event Forwarding - NT6 Subscription
- Palantir: Windows Event Forwarding
- Elastic: Winlogbeat Configuration
- How to Deploy Windows Optics - Commands, Downloads, Instructions
- Mitre: Technique 00024
- Byt3Bl33d3r: SilentTrinity C2
- SpiderLabs: Responder
- SecureAuthCorp: Impacket
- SecureAuthCorp: Impacket - NTLMRelayx
- Byt3Bl33d3r: CrackMapExec
Portions of this content are owned by Defensive Origins. Please note each source repository may hold its own licensing. Additionally, Defcon and Red Team Village images have been used with permission for this recorded event.