POWER TO THE PURPLE
WORKSHOP: OCTOBER 28


Join SCYTHE's Technical Director, Tim Schulz, for a 90-minute Hands-On Purple Team Exercise Workshop!

When: October 28th at 1pm EDT
Topic: Purple Process: RegSvr32.exe

Summary:
Living off the Land Binaries and Scripts (LOLBAS) can be difficult for defenders to catch because these programs have legitimate uses in enterprise environments. These techniques are the perfect opportunity to leverage a purple team exercise to:

1. Establish a baseline understanding of an organization’s ability to log and detect these actions
2. Build more resilient defenses by tuning these detections to decrease false positives

The SCYTHE Labs team will walk attendees through the process of building and executing a test for the regsvr32.exe procedure. By the end of this workshop, attendees will:

• Know how to build a test with regsvr32.exe as an execution method
• Walk away with some techniques for reducing false positives within an environment
• Gather metrics that feed into an executive report for the purple team exercise readout

**REGISTRATION REQUIRED**
Note: For this workshop, attendees will need a free SnapLabs account. Attendees who have not yet registered will receive a registration link before the start of the workshop.
**Please use the same email address for both the workshop registration and the SnapLabs account setup**

For more information about regsvr32 and our purple team process, check out the following:
LOLBAS Project Repository Page
MITRE ATT&CK: Regsvr32 T1218.010
Purple Team Exercise Framework

General Agenda: (90 minutes total)
5 minutes of kickoff / introduction
10 minutes of lecture / background information
50 minutes of lab time
    10 minutes of SCYTHE familiarization / set up test
    40 minutes of Test / Detection Engineering / Re-run to validate
10 minutes of executive briefing / reporting / metrics
15 minutes of Q&A / slack time


What do you need?
All you need is a web browser on a workstation/laptop (no iPads, sorry). If you want to come better prepared, download and read the free Purple Team Exercise Framework (PTEF), watch the webcast, and sign up for a SnapLabs account if you don't have one already:
https://www.scythe.io/ptef
https://www.scythe.io/library/ptef-workshop