Approved  (4)

Join SCYTHE's VP of Research & Engineering, Tim Schulz, as he conducts a 90-minute Hands-On Purple Team Exercise Workshop!

Fill out the form to register! 

What do you need?
All you need is a web browser on a workstation/laptop (no iPads, sorry).


If you want to come better prepared, download, read, and watch the free Purple Team Exercise Framework (PTEF) and webcast:


Please register using a valid email address so we can provision your VMware lab environment before the workshop


Save My Seat


In this 90-minute, hands-on workshop you will be introduced to Purple Team Exercises and play the role of Cyber Threat Intelligence, the red team, and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise following the Purple Team Exercise Framework.

By the end of this workshop, attendees will:


Unicorn Trio with blur - large


  • Learn the basics and use Command and Control (C2)

  • Consume Cyber Threat Intelligence from a known adversary

  • Extract adversary behaviors/TTPs and map to MITRE ATT&CK

  • Play the Red Team by creating and executing adversary emulation plans

  • Emulate the adversary behaviors in a small environment consisting of a domain controller, member server, and a Linux system

  • Play the role of the Blue Team and look for Indicators of Compromise and Behaviors

  • Use Wireshark to identify heartbeat and jitter

  • Enable Sysmon configurations to detect adversary behavior

  • Have FUN!


 (90 minutes total)
5 minutes of kickoff / introduction
10 minutes of lecture / background information
50 minutes of lab time
10 minutes of SCYTHE familiarization / set up test
40 minutes of Test / Detection Engineering / Re-run to validate
10 minutes of executive briefing / reporting / metrics
15 minutes of Q&A