Running Your First Purple Team Exercise - Understand The Cyber Kill Chain, Emulation, & Response

Relevant Courses: https://www.sans.org/sec599, https://www.sans.org/sec699 Presented by: Jorge Orchilles Follow me here:   / jorgeorchilles   In this webinar we will define what Purple Team is and how to build a high-value Purple Team program. We will cover consuming actionable Cyber Threat Intelligence, emulating attacks, and detection engineering to ensure your organization (people, process, and technology) can detect and respond to a similar attack when it inevitably occurs. No matter your role or area of specialization this presentation will be beneficial to your security practices. Attendees coming from a vulnerability management background will learn how to evolve from CVEs to TTPs while defenders will be able to understand how attacks work so they can detect and respond to them quicker. We will use MITRE ATT&CK as the common language between all these teams to build an efficient and effective purple team program.

Join Today
SANS Webcast: Effective (Threat) Hunting Techniques
▶︎

SANS Webcast: Effective (Threat) Hunting Techniques

Validation Station: Open source threat emulation | Atomic Red Team
▶︎

Validation Station: Open source threat emulation | Atomic Red Team

Purple Teaming Reloaded: AI, Adversaries & the New SEC599
▶︎

Purple Teaming Reloaded: AI, Adversaries & the New SEC599

Research Series: Research Compliance and the Role of the Privacy Office
▶︎

Research Series: Research Compliance and the Role of the Privacy Office

The 20 Critical Security Controls: From Framework to Operational to Implementation
▶︎

The 20 Critical Security Controls: From Framework to Operational to Implementation

Practical Malware Analysis Essentials for Incident Responders
▶︎

Practical Malware Analysis Essentials for Incident Responders

The Cycle of Cyber Threat Intelligence
▶︎

The Cycle of Cyber Threat Intelligence

Red Team Adversary Emulation With Caldera
▶︎

Red Team Adversary Emulation With Caldera

GME Core Curriculum Series: Quality Improvement in Action
▶︎

GME Core Curriculum Series: Quality Improvement in Action

Breaking the Lock: How MFA Can Still Be Defeated
▶︎

Breaking the Lock: How MFA Can Still Be Defeated

Threat-Informed Detection Engineering
▶︎

Threat-Informed Detection Engineering

Detecting & Hunting Ransomware Operator Tools: It Is Easier Than You Think!
▶︎

Detecting & Hunting Ransomware Operator Tools: It Is Easier Than You Think!

Major Course Update | SEC598 Automate Security with Generative AI
▶︎

Major Course Update | SEC598 Automate Security with Generative AI

Threat Hunting via Sysmon - SANS Blue Team Summit
▶︎

Threat Hunting via Sysmon - SANS Blue Team Summit

Health Professions Educator Series: MedEdMentor: A Groundbreaking Tool for HPE Scholarship
▶︎

Health Professions Educator Series: MedEdMentor: A Groundbreaking Tool for HPE Scholarship

Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels
▶︎

Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels

OWASP Top 10 2025: Your complete guide to securing your applications
▶︎

OWASP Top 10 2025: Your complete guide to securing your applications

Managing & Showing Value during Red Team Engagements & Purple Team Exercises - VECTR SANS Webcast
▶︎

Managing & Showing Value during Red Team Engagements & Purple Team Exercises - VECTR SANS Webcast

Virtual Session: NIST Cybersecurity Framework Explained
▶︎

Virtual Session: NIST Cybersecurity Framework Explained

How to Present Cyber Security Risk to Senior Leadership | SANS Webcast
▶︎

How to Present Cyber Security Risk to Senior Leadership | SANS Webcast