Certified Purple Team Analyst [CPTA]
• Analyze various Host-based attacks using Endpoint Monitoring solutions
• Analyze various Network-based attacks using Network Device monitoring solutions
• Hunt Cyber Threats in a realistic enterprise environment
• Collect Evidence & investigate Cyber Attacks using DFIR solutions
• Visualize Protocol Level Attacks

• Red vs Blue Team Joint Operations
• Dashboard with Challenges + References
• Enterprise Tools: Security Operations Tools
• Become CPTA: Earn Digital Badge + Certificate
CPTA Introduction
In this Lab, you will work proactively as a Purple Team member: as a Red Team operator you will perform different attacks, and as a Blue Team member you will Identify, Detect, Analyze and then Respond to those attacks in a realistic enterprise environment.
The main aim of this Lab is to help the Blue Team Identify and Detect the latest Techniques and Tools used by Adversaries, Analyze and Respond to ongoing attacks, and collect evidence for investigation purposes. The Red Team, in turn, will understand how Red Team Operations are executed in stealth mode without detection and become aware of its visibility to the Blue Team.

Blue Team Highlights
• MITRE Shield Integration
• Hands-on with various SIEM solutions
• Perform Real-Time Operating System level Vulnerability Assessment
• Map each and every attack to the MITRE ATT&CK Framework
• Real-Time Network Traffic Visualization
• Understand the various logs generated by Windows and Linux systems
Red Team Highlights
• Simulate Attacker TTPs in a realistic environment
• Understand Logs, Events and Alerts generated by Offensive Tools
• Identify the latest Techniques to bypass different Security Solutions
• Enhance Stealth Red Team skills by analyzing Blue Team activities
• Generate Real-Time alerts using an Automated Red Team Framework
• Generate real-time alerts by performing Red Team Operations manually
• Bypass detection of Kerberos-based attacks
CPTA Syllabus Highlights
Introduction to Purple Teaming:
• About Red Teaming
• About Blue Teaming
• About Purple Teaming
Red Team Operations in Simulated Lab:
• Automated Adversary Simulation
• Manual Adversary Simulation
• Utilizing Open-source tools
Purple Team Lab Environment:
• Lab Overview
• Lab Architecture
• Lab Access
• About Enterprise Simulated Environment
• Adversary Simulation
• Adversary Detection
• About Red vs Blue Team Joint Operations
Defensive Operations in Lab:
• Host-based attack detection
• Network-based attack detection
• AD-based attack detection
• Network Traffic Analysis
• Digital Forensics and Incident Response
Purple Team Operations:
• Adversary Simulation Using MITRE ATT&CK Framework
• Adversary Detection using MITRE Shield Framework
• Tactics, Techniques and Procedures (TTPs) Simulation and Detection
• Attack & Defense in Windows Environment
• Attack & Defense in Linux Environment
Prerequisites:
• Understanding of OS, Web & Network-based attacks
• Understanding of SIEM solutions
• Familiarity with command-line basics
Certification Procedure:
To earn the CyberWarFare Labs Certified Purple Team Analyst [CPTA] certificate, a candidate must fulfill the criteria below:

Skills Reflected by Certificate Holder:
• Detect a broad range of Tactics, Techniques & Procedures (TTPs) used by Red Teams across the Cyber kill-chain
• Dormant operational as well as high-tech sophistication employed during offensive engagements
• Enough practical knowledge to combat adversaries & save assets from compromise
• Scale the exposed attack surface & diminish possible attack vectors
• Perform Kerberos-based attacks in a fully patched AD environment
• Respond to a well-planned security incident in an organized & structured way
• One of the most important skills: risk analysis prior to any active breach
• Operating under a zero-trust methodology
