Security Training & Purple Teaming

Finding vulnerabilities is only half the job. We work directly with your defensive team so they can actually detect and stop the attacks that matter.

What Is Purple Teaming?

In a standard red team engagement, the offensive team operates in secret and the defensive team either catches them or doesn't. Purple teaming is different: both teams work together, sharing techniques and building detections in real time.

Your defenders see exactly what attacker activity looks like in your specific environment, build detection rules against it, and verify they work — all in a single session. It's one of the most efficient ways to actually improve your detection coverage.

How a Purple Team Exercise Works

  • Scoping — We work with your team to identify the attack techniques most relevant to your threat model, mapped to MITRE ATT&CK
  • Execution — We execute each technique in your environment while your defenders watch, analyze logs, and build detection rules in real time
  • Detection Tuning — For each technique, we iterate until your SIEM or EDR reliably detects it, adjusting the detection logic as needed
  • Documentation — Every technique, detection, and gap is documented so your team can maintain and build on the work after the engagement
  • Coverage Report — A final report mapping your detection coverage across the ATT&CK framework with before/after comparison

Security Training

We offer customized training sessions for security teams at all levels. Topics are tailored to your team's current skill level and the threats most relevant to your environment:

  • Offensive Techniques for Defenders — How attackers think and operate, covering common initial access, lateral movement, and privilege escalation techniques your team needs to detect
  • Active Directory Attack & Defense — Deep dive into AD attacks (Kerberoasting, Pass-the-Hash, DCSync, BloodHound enumeration) and how to detect and mitigate them
  • Threat Hunting Fundamentals — Building hypotheses from threat intelligence and proactively hunting for attacker activity in your logs
  • Incident Response Tabletop Exercises — Scenario-based exercises that test your team's response process and identify gaps in your runbooks
  • Custom Topics — Training built around your specific technology stack, threat model, or recent incidents

Who This Is For

These services are designed for organizations that have a security team in place and want to make it more effective:

  • SOC analysts who want to understand what they're detecting and why
  • Detection engineers building or tuning SIEM rules and EDR policies
  • Security managers who want measurable improvement in detection coverage
  • Organizations preparing for a red team engagement and wanting their defenders ready
  • Teams that recently had an incident and want to ensure they'd catch it earlier next time

Empower Your Security Team

Contact us to discuss your team's goals and we'll design a training or purple team engagement that delivers measurable results.

Contact Red Forge Security