Practical Purple Teaming placeholder cover

Practical Purple Teaming

The Art of Collaborative Defense
by Alfie Champion
September 2025, 336 pp.
ISBN-13: 
9781718504288
Use coupon code PREORDER to get 25% off!

Look Inside!

Practical Purple Teaming pages 66-67Practical Purple Teaming pages 70-71Practical Purple Teaming pages 94-95

Many organizations have chosen to forgo traditional security tests in favor of collaborative assessments – or “purple team” tests, for the way they combine offensive (“red team”) and defensive (“blue team”) elements – in which offensive and defensive teams work together to measure and improve the organization’s resilience to attacks.

Practical Purple Teaming outlines common purple team methodologies, offensive and defensive frameworks, and real-world threat research to craft realistic test cases. Readers will use a dedicated lab environment to execute attacks common to the modern threat landscape, then consider ways of tuning defenses to detect and prevent the activity.

Along the way, they’ll be introduced to a number of open-source tools for emulating enterprise environments, automating attacks, crafting intelligent alerts, and more. Covers numerous free tools readers could use in their own purple team exercises, offensive frameworks, and defensive technologies.

Author Bio 

Alfie Champion is a seasoned cybersecurity specialist who has fostered and developed purple team functions over the last decade, both with internal teams and while consulting with MWR InfoSecurity. With a strong emphasis on research and training fostered at MWR, Alfie has gone on to deliver talks and workshops at some of the industry’s most prestigious conferences, including BlackHat USA, DEF CON, and RSA. More recently, he has co-founded an email security startup, delivr.to.

Table of contents 

Introduction

Part I: How Purple Teaming Works
Chapter 1: The Basics of Purple Teaming
Chapter 2: Offensive and Defensive Frameworks
Chapter 3: The Atomic Methodology
Chapter 4: The Scenario-based Methodology

Part II: Attack Emulation and Detection Lab
Chapter 5: Enviromnent Setup
Chapter 6: Collecting Telemetry
Chapter 7: Network Scanning and Event Tracing
Chapter 8: Living-off-the-Land with the Atomic Red Team Library
Chapter 9: Active Directory Recon with the Caldera Framework
Chapter 10: Domain Compromise with the Mythic Framework

Part III: Organizing an Exercise
Chapter 11: Reporting and Tracking
Chapter 12: Implementing Purple Teaming

Appendix A: Supplemental Tables