Welcome GRIMMCon attendees. Join SCYTHE Unicorns Chris Peacock and Elaine Harrison-Neukirch for a three-hour Hands-On Purple Team Exercise Workshop focused on Detection Engineering. This is an intermediate-level workshop that does not require, but does recommend, that you have taken the Introduction to Purple Team Exercise workshop.
***Use a real email address***
The workshop will guide attendees through the detection engineering process. Attendees will take curated threat actor procedures, emulate them, and build detections for them. The process will include how to determine which log sources to target for investigation. After verifying the appropriate log sources, attendees will learn to hunt through the data and narrow down results until they have an actionable query to deploy as detection logic.
What do you need?
All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download, read, and watch the free Purple Team Exercise Framework (PTEF) and webcast:
How will it work?
We are using the VMware learning platform to give everyone their own isolated environment. This means we need your real email address upon registration so we can provision your environment before the start of the workshop.