
Learn to patch an AMC bypass by locating the AMC scan buffer, altering memory protections, and injecting a return instruction, while ethically disclosing findings and noting evolving defenses.
Install the Apollo agent in the Mythic web UI via the CLI, configure http and smb c2 profiles, and verify Mythic access.
Move the tuned Apollo agent code to the Mythic server and customize it for the workflow. Ensure the updated payload bypasses Defender and is fully functional before proceeding.
Practice solo purple teaming with two isolated LANs for attack path level zero, pfSense firewalls, a reverse engineering workstation, and Kali Linux C2 to master post-compromise techniques on Windows 11.
Set a static 10.0.3.2 Kali IP with gateway 10.0.3.1 for the attack LAN, verify with pings to pf sense and the router, and configure DNS for internet access.
Configure and test the Apollo payload across attack and echo LANs on assumed breach hosts using pfSense port forwarding and mythic http listener to validate C2 traffic.
Configure the E Corp edge pfSense appliance in the Proxmox lab, set static WAN and LAN IPs and route traffic through the E coin domain to the simulated internet.
Introduce mythic ui basics and the mythic c2 framework for solo purple teaming, guiding how the dashboard, active callbacks, profiles and payload types support red team operations.
Explore Mythic user settings to add and manage users, set the admin password via the CLI, and customize font and UI for upcoming operations such as attack path level zero.
Demonstrate mythic tasking to issue commands to agents in the target environment, using manual and automated methods, with a feature-rich UI, opsec checks, previews, and tagging for efficient enumeration.
Set up a Lubuntu VM and install the Wazuh server, configure a static IP on the allsafe LAN, and enable port forwarding to access the Wazuh dashboard via pfSense.
Install the Wazuh agent on the zoom breach host, configure the edge device port forwarding, and verify the agent reports to the Wazuh manager in the dashboard.
Explore the pyramid of pain, a model for ranking indicators of compromise from hashes to tactics and procedures, revealing how domains, ip addresses, and network artifacts aid detection and disruption.
Balance telemetry volume with performance to enable timely, actionable detections while optimizing signal to noise and managing storage in solo purple teaming.
Explore Sysmon file create events (id 11) on the host, filter downloads and autostart paths using exact, contains, begins with, ends with, and regex conditions to log initial access payload.
Create a custom rule to detect unsigned image loads for a base detection in a correlation rule, using Sysmon event ID seven and the solo purple teaming C2 group.
Explore how threat intelligence informs the iterative solo purple teaming process to develop bypasses through targeted research and align with real world threats.
Continue building a windows service enumeration tool using PInvoke to call OpenSCManager, OpenService, and QueryServiceObjectSecurity, marshal data, and extract the service security descriptor for auditing.
Practice solo purple teaming by staging and executing a .NET service scan assembly in memory, then explore dynamic injection techniques to bypass Windows Defender and observe defense evasion.
In cybersecurity, most training only scratches the surface—teaching which buttons to press, but not why, when, or how to adapt when the situation changes. This leaves a critical gap between basic tool familiarity and the deep operational mastery required for real-world engagements.
Solo Purple Teaming closes that gap. It trains you to think and operate as both an attacker and a defender, where your limits aren’t dictated by step-by-step lab manuals, but by your creativity, problem-solving skills, and willingness to push beyond your comfort zone and explore new tactics.
The course is built around four focused phases designed to level up your skills: Layout, Engage, Explore, and Trace.
In Layout, you prepare like a professional operator—balancing maximum effectiveness with strict operational security. From initial reconnaissance to privilege escalation, you’ll learn to bypass defenses such as Windows Defender, AMSI, and others, setting the stage for success.
In Engage, you execute your attack path with precision—moving carefully through the network, maintaining stealth, and accomplishing your objectives.
In Explore, you switch to the defender’s mindset—identifying telemetry gaps, spotting blind spots, and uncovering detection opportunities others might miss.
In Trace, you reverse engineer payloads, analyze attack mechanics, and craft high-fidelity detections designed to withstand sophisticated evasion attempts.
This advanced and demanding course is intentionally built to foster independence and true mastery. If you’re ready to sharpen both your red and blue skills, Solo Purple Teaming is the course for you!