Practical Purple Teaming

The Art of Collaborative Defense
by Alfie Champion
September 2025, 352 pp.
ISBN-13: 9781718504288
Use coupon code PREORDER to get 25% off!

Download Chapter 3: The Atomic Methodology

If you’re tired of red team reports gathering dust—or defensive teams being left in the dark—this book is for you. 

Practical Purple Teaming gives you a hands-on blueprint for running collaborative security exercises that improve detection, build trust, and expose real gaps before attackers do. You’ll learn how to emulate adversaries using tools like Atomic Red Team, MITRE Caldera, and Mythic, and you’ll guide defenders toward actionable insights using real logs, alerts, and frameworks like MITRE ATT&CK, the Cyber Kill Chain, and the Pyramid of Pain.

If you’re running your first purple team exercise or trying to scale a repeatable program, this book will show you how to move from ad hoc simulations to a sustainable, integrated strategy. 

You’ll learn how to:

  • Design purple team exercises that produce measurable improvements   
  • Emulate attacks using threat intel and adversary simulation tools
  • Collect telemetry and analyze coverage using open source platforms
  • Automate labs with Splunk’s Attack Range and other free resources
  • Build a sustainable, cross-functional purple teaming function within your organization

Whether you’re red, blue, or somewhere in between, this book will help you test smarter, detect faster, and collaborate better. 

If you’ve ever finished a red team engagement and wondered what actually changed, this is your playbook.

Author Bio 

Alfie Champion is a seasoned cybersecurity specialist who has fostered and developed purple team functions over the last decade, both with internal teams and while consulting with MWR InfoSecurity. Champion has delivered talks and workshops at some of the industry’s most prestigious conferences, including Black Hat USA, DEF CON, and RSA.

Table of contents 

Introduction

Part I: How Purple Teaming Works
Chapter 1: The Basics of Purple Teaming
Chapter 2: Offensive and Defensive Frameworks
Chapter 3: The Atomic Methodology
Chapter 4: The Scenario-based Methodology

Part II: Attack Emulation and Detection Lab
Chapter 5: Environment Setup
Chapter 6: Collecting Telemetry
Chapter 7: Network Scanning and Event Tracing
Chapter 8: Living-off-the-Land with the Atomic Red Team Library
Chapter 9: Active Directory Recon with the Caldera Framework
Chapter 10: Domain Compromise with the Mythic Framework

Part III: Organizing an Exercise
Chapter 11: Reporting and Tracking
Chapter 12: Implementing Purple Teaming

Appendix A: Supplemental Tables