1. Infrastructure overview:

  • PurpleLABS is a dedicated virtual infrastructure for detecting and analysing attacker behaviour: the tactics, techniques, procedures and offensive tools in use. Its main goal is the continuous improvement of threat hunting skills and keeping up with current offensive trends (red teaming) as seen against direct detection (blue teaming).
  • Ready-to-use VPN access for running your own ongoing security / hunting research or for working through the advanced lab scenarios.

2. Labs overview:

  • 60+ dedicated walkthrough lab scenarios, each mapped to the MITRE ATT&CK framework, Sigma rules, and the offensive / defensive tools, tactics and procedures involved.
  • Focus on C2 frameworks, post-exploitation, lateral movement, evasion and data exfiltration phases.
  • Progress tracking and monitoring.

3. Skill level:

  • Intermediate/Advanced

4. Subscription packages:

  • PurpleLABS Infrastructure Access + LABS for 1 / 3 / 6 / 12 months
  • Continuous Training Delivery: 1 / 3 / 6 / 12 working days, usable under an active subscription

5. Continuous Training Delivery:

  • As an additional option we offer 1 / 3 / 6 / 12 working days dedicated to live video consulting / workshop sessions.
  • We can also support your security team with a 2-4h live training session per week, so that new knowledge reaches you on a regular basis.

6. Security Analytics Components:

  • Hunting ELK, Splunk, ElastiFlow, Wazuh HIDS, ElastAlert, osquery with Kolide Fleet, Graylog, Velociraptor, Moloch full packet capture (FPC) and more.

7. Data sources:

  • Zeek IDS, Suricata IDS, full PCAP, NetFlow, Sysmon, Windows Event Logs, syslog, Filebeat, auditd, BOTS and more.

8. How is access to PurpleLabs provided?

  • We use the simplest solution: a WireGuard VPN. All you have to do is install the WireGuard client and import a single configuration file.
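Before importing any VPN configuration file into a client on a work machine, it is worth checking what it routes through the tunnel. The script below is an added example, not PurpleLABS code: it parses a WireGuard client config and flags a full-tunnel AllowedIPs (0.0.0.0/0 or ::/0), malformed keys, a missing Endpoint and a missing Address. The sample config is constructed; the dummy keys, the hostname lab-vpn.example.invalid and the 10.66.0.0/24 and 192.168.100.0/24 ranges are assumptions, not the real PurpleLABS values.

```python
"""Pre-import sanity check for a WireGuard client configuration.

Added example, not PurpleLABS code. The sample config is constructed:
dummy keys, the hostname lab-vpn.example.invalid and the lab ranges are
assumptions, not real PurpleLABS values.
"""
import base64
import ipaddress

# Constructed dummy keys: 32 arbitrary bytes, base64-encoded like real
# WireGuard Curve25519 keys. They are NOT usable keys.
_DUMMY_PRIVATE_KEY = base64.b64encode(bytes(range(32))).decode()
_DUMMY_PUBLIC_KEY = base64.b64encode(bytes(range(32, 64))).decode()

# Constructed sample: only the assumed lab ranges go through the tunnel.
SAMPLE_CONFIG = f"""\
[Interface]
PrivateKey = {_DUMMY_PRIVATE_KEY}
Address = 10.66.0.2/32
DNS = 10.66.0.1

[Peer]
PublicKey = {_DUMMY_PUBLIC_KEY}
AllowedIPs = 10.66.0.0/24, 192.168.100.0/24
Endpoint = lab-vpn.example.invalid:51820
PersistentKeepalive = 25
"""

# Same config with AllowedIPs widened to a full tunnel (the weak setting).
FULL_TUNNEL_CONFIG = SAMPLE_CONFIG.replace(
    "AllowedIPs = 10.66.0.0/24, 192.168.100.0/24",
    "AllowedIPs = 0.0.0.0/0, ::/0",
)


def parse_wg_config(text):
    """Parse the INI-style wg-quick format into an Interface dict and a list of Peer dicts."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment; base64 never contains it
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            if name == "Interface":
                current = interface
            elif name == "Peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {name!r}")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))  # keys may end in '='
        current[key] = value
    return {"Interface": interface, "Peer": peers}


def _is_wg_key(value):
    """A WireGuard key is exactly 32 bytes of strict base64."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def check_wg_config(text):
    """Return a list of findings; an empty list means the config looks sane to import."""
    cfg = parse_wg_config(text)
    findings = []
    iface = cfg["Interface"]
    if not _is_wg_key(iface.get("PrivateKey", "")):
        findings.append("Interface: PrivateKey is not a valid 32-byte base64 key")
    if "Address" not in iface:
        findings.append("Interface: no Address assigned")
    if not cfg["Peer"]:
        findings.append("no [Peer] section: the tunnel has nowhere to go")
    for i, peer in enumerate(cfg["Peer"], 1):
        if not _is_wg_key(peer.get("PublicKey", "")):
            findings.append(f"Peer {i}: PublicKey is not a valid 32-byte base64 key")
        if "Endpoint" not in peer:
            findings.append(f"Peer {i}: no Endpoint")
        if "AllowedIPs" not in peer:
            findings.append(f"Peer {i}: no AllowedIPs, nothing will be routed")
        for entry in peer.get("AllowedIPs", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            try:
                network = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(f"Peer {i}: AllowedIPs entry {entry!r} is not a valid network")
                continue
            if network.prefixlen == 0:  # 0.0.0.0/0 or ::/0: everything leaves via the lab
                findings.append(f"Peer {i}: AllowedIPs {entry} routes ALL traffic through the lab (full tunnel)")
    return findings


if __name__ == "__main__":
    for label, text in (("lab-only", SAMPLE_CONFIG), ("full-tunnel", FULL_TUNNEL_CONFIG)):
        print(label, "->", check_wg_config(text) or "OK")
```

Run it against the file you are about to import; a full-tunnel finding means your browsing and corporate traffic would traverse the lab network, which is rarely what you want on a machine that is not dedicated to the training.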

9. Could I choose the start date for the training?

Yes. Just let us know which date and time work for you.

10. Target Audience:

  • B2B
  • Individual

11. Who should take this training?

  • Red and Blue team members
  • Security / Data Analysts
  • CIRT / Incident Response Specialists
  • Network Security Engineers
  • SOC members and SIEM Engineers
  • AI / Machine Learning Developers
  • Chief Security Officers and IT Security Directors

12. Prerequisites:

  • Intermediate command-line experience on Linux and Windows
  • Fundamental knowledge of TCP/IP network protocols
  • Penetration testing experience (enumeration, exploitation, lateral movement) is beneficial but not required
  • Basic programming skills are a plus but not essential

13. Hardware / Software requirements:

  • VPN client installed according to the VPN setup instructions
  • A Slack account; an invite to the dedicated training channel will be sent
  • Stable internet connection
  • Zoom client and an HD camera recommended, for 1:1 access to the instructor and the rest of the participants. Even virtually, let's feel like we are in a classroom together!
  • The training runs on dedicated PurpleLABS cloud infrastructure, so there are no special requirements for the student's desktop. No initial setup issues, just a pure training experience!

14. Customization and feature request:

  • Available on request, as part of the Enterprise subscription only
  • Charged extra

15. Will I get a certificate of completion?

  • Yes.

16. Offensive tools in use:

  • PowerSploit, BloodHound, goDoH, dnscat2, nmap, Empire Framework, Metasploit Framework, WMImplant, Invoke-PipeShell, SharpShooter, PingCastle, RTA, Atomic Red Team, kerbrute, CME, SalsaTools, Octopus, mimikatz, PSAttack, Weasel, impacket, pyexfil, scapy, Shellter, proxychains, Singularity, PoshC2, dns2tcp, Pupy, sg1, DET, XFLTReaT, FruityC2, tuna, RATTE, nishang, corkscrew, Egress-Assess, pivoter, hydra, wondjina, TrevorC2, C3, Koadic, Apfell, SharpSocks, SILENTTRINITY, WSC2, google_socks, sqlmap, BeEF Framework, twittor, torify, TheFatRat, Cloakify, WMIsploit, certreq, Faction C2, Merlin, SNIcat, GoPurple, shad0w, Donut, ThunderShell, udp2raw, PowerLessShell, reGeorg, rpivot, thc-flood, yersinia, DNSExfiltrator, SMBMap, testssl, firebolt, Sliver, DumpsterFire, APTSimulator, icmptunnel, ChunkyTuna, Invoke-DOSfuscation and more.

Let's have a chat!

Contact Us to find out more details about the platform and Defensive Security.