Masterclass: Purple Team Operations

Live Virtual Class – Super Intensive Remote Training with Labs!
(9:00am – 4:00pm CEST Monday to Friday)

Notify Me

What is this course about

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 12 participants by default, or supported by an assistant instructor if the number of delegates exceeds 12. During this course, you will have the opportunity to go through CQURE’s custom lab exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

Upcoming Live Virtual Classes

Live Virtual Class Length Start Date Instructor
Notify Me 5 days-35h TBA Mike Jankowski-Lorek, PhD

See the schedule of our all Live Virtual Classes

Purple Teams

Purple Team, as the name suggests itself, is a balanced blend of the Red Team and the Blue Team, that brings out the best and most desirable traits of both, to create the most efficient incident detection and response group. The benefit of the Purple Team support would be not only the reduction of the cost, but the reaction time as well. This cooperative mindset of attackers and defenders working side by side is a perfect expertise enrichment for the Blue Team that could benefit from learning the attackers point of view, their precision and quickness, and for the Red Team that could take a look at the security fortification from the inside.

Loads of Knowledge

This is a deep dive course on Purple Team Operations: the cyber kill chain – reconnaissance, attack planning and delivery, system exploitation, privilege escalation and lateral movement, anomalies detection, discovery of industry attacks and threats, understanding how compromised system or solution looks like, defining the indicators of the attack, and incident handling

On completion of this course you will be able to:


  • Analyze emerging trends in attacks.
  • Identify areas of vulnerability within your organization.
  • Prepare a risk assessment for your organization.
  • Report and recommend countermeasures.
  • Develop a threat management plan for your organization.
  • Organize Red Team – Blue Team exercises.

To get more practice we offer three extra weeks of labs online!

This course is ideal for:

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

To attend this training, you should have a good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.

Unique exercises:

All exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux. This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions! Remember that the labs will stay online for an extra three weeks so you may practice even more after the training is completed!

Platform and Technical Requirements:

To participate in the course you need a Stable internet connection. For best learning experience we also need you to have a webcam, headphones and a microphone. Open RDP port 3391 for the connection to the Lab environment is needed as well. We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.


After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!



Module 1

Identifying Areas of Vulnerability

  1. Defining the assets which your company needs to protect
  2. Defining the other sensitive information that needs to be protected

Module 2

Modern Attack Techniques

  1. OS platform threats and attacks
  2. Web based threats and attacks
  3. E-mail threats and attacks
  4. Physical access threats and attacks
  5. Social threats and attacks
  6. Wireless threats and attacks

Module 3


  1. Open Source Intelligence (OSINT)
  2. Google hacking
  3. Social Media presence
  4. DNS
  5. Shodan
  6. Physical reconnaissance
  7. Port scanning
  8. Service discovery
  9. SIEM
  10. Intrusion Prevention Systems

Module 4


  1. Generating malicious payload
  2. Hiding malicious content in Office Suite documents
  3. Reverse shells
  4. Metasploit
  5. Empire
  6. AV evasion techniques

Module 5


  1. Building phishing campaign
  2. Planting malicious device
  3. Attacks on 3rd parties
  4. Enabling phishing protection
  5. O365 / Safe links
  6. Smart Screen
  7. Secure proxy
  8. Sinkholing
  9. APT campaigns

Module 6

Exploitation and Installation

  1. Types of vulnerabilities
  2. Establishing foothold
  3. Stage-less and staged payloads / C&C
  4. Anti-Virus
  5. Firewall
  6. Application Whitelisting
  7. WDAC
  8. Living Off the Land Binaries
  9. Exploit Guard
  10. AMSI

Module 7

Privilege escalation

  1. Privileged accounts
  2. System services security
  3. Common misconfigurations
  4. Security tokens
  5. Just Enough Administration
  6. Patch maintenance

Module 8

Lateral movement

  1. Credential harvesting
  2. Mimikatz
  3. Network reconnaissance
  4. Building network map
  5. Responder
  6. Pass-the-hash
  7. Pass-the-ticket
  8. Credential Guard
  9. LAPS
  10. GPO policies
  11. Windows ATA
  12. Defender ATP

Module 9


  1. Sleeping agents
  2. Piggybacking on network packets
  3. Rootkits
  4. Sysinternals
  5. Searching for rogue servers
  6. Looking for network anomalies
Notify Me

Click here to browse the modules:


Paula Januszkiewicz

Founder and CEO of CQURE

The course is delivered by Paula Januszkiewicz, CEO of CQURE, a world-renowned expert in the cyber security field with practical knowledge from dozens of successful projects, years of real-world experience, great teaching skills, and no mercy for misconfigurations or insecure solutions.

Mike Jankowski-Lorek, Ph.d.

CQURE Director of Consulting, Cybersecurity Expert, Trainer

Mike Jankowski-Lorek is a solution architect, developer, data scientist and security expert with more than 18-years’ experience in the field. He designs and implements solutions for organization identity and access databases, network and security monitoring and management, mainly working in Microsoft ecosystem for medium to enterprise level organizations. Mike holds multiple certifications, especially security, database and software development related. He is one of core Experts at CQURE and holds a PhD in Computer Science.

Michael Grafnetter

Cybersecurity Expert

Michael is an expert on Windows Security, Microsoft Azure and PowerShell, he holds a master’s degree in Software Engineering and in early 2021 he was awarded with the Microsoft Azure Most Valuable Professional title. He is an author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide. His unique DSInternals Framework exposes many undocumented Active Directory security features, and it has already been integrated into multiple 3rd party solutions for Identity Management and Active Directory Disaster Recovery.



The course is perfect for enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants.


To attend this training, you should have a good hands-on experience in administering Windows infrastructure. At least 5 years in the field is recommended.


All exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux.

Our students say…

Let me start by saying Paula is amazing!! The passion for the topic really shows. As a engineer with 16 years of experience I am impressed. Thank you for the education, and entertainment.

Dave Kordyban

Network Engineer | Garrett County Government

Best rating from me to you. Well earned! You did a great job even with a sloppy bunch like us. Learned a lot. Great fun also (good-good-good). Best of luck in life and your career.

Bjarte Sivertsen


We have learned a lot about IIS, hacking and much much more. Our motivation have increased during this course and of course great interest in your work Paula. Impressed over your entuastic energic way of presenting.

Styrk Finne

Senior Professional System Engineer | CSC Norway