Purple Academy Provides Open-Access (Free) Online Cyber Security Courses

Purple Academy by Picus is committed to developing and constantly improving a learning platform that enables the cybersecurity community to advance their knowledge and skills.

Suleyman OZARSLAN, PhD
Picus Security
5 min readJan 23, 2022


Purple Academy by Picus — Open-Access Online Cyber Security Courses

Picus created Purple Academy to help cybersecurity professionals in developing in developing offensive and defensive skills necessary to defend organizations. Purple Academy provides Massive Open Online Courses (MOOC).

Purple Academy includes different learning paths. Each learning path provides the necessary micro-courses to develop a specific skill. Micro-courses in learning paths are intended for busy professionals. They are short (about one hour), focused on a single topic, available 24/7, and delivered in a practical, self-paced format. Students who successfully finish a course or learning path obtain verifiable badges and certificates.

Current learning paths in Purple Academy are Ransomware Attacks, Proactive Security Operations Center (SOC), Continuous Security Validation, and the MITRE ATT&CK® Framework. You can find the courses under each learning path in the following sections.

Learning Path: Ransomware Attacks

Ransomware Attacks: Basics, TTPs, and Countermeasures Course

In this Ransomware course, you will learn about current trends in ransomware attack campaigns, the MITRE ATT&CK techniques that are frequently employed in ransomware attacks, and an example ransomware attack kill chain — the DarkSide ransomware. Additionally, you will discover essential protection methods against ransomware attacks.

Learning Path: Continuous Security Validation

The Beginner’s Guide to Breach and Attack Simulation (BAS)

By the end of this Breach and Attack Simulation (BAS) course, you would have learned about comparison of Vulnerability Scanning, Penetration testing, Red Teaming, and Continuous Security Validation approaches and building blocks of Breach and Attack Simulation (BAS).

Fundamentals of Continuous Security Validation

This Continuous Security Validation course provides fundamentals of Continuous Security Validation (CSV) that you need to validate and improve security effectiveness continuously. It describes each stage of the Continuous Security Validation Lifecycle with examples.

Continuous Security Validation Use Cases

In the Continuous Security Validation Use Cases course, you will learn five major use cases of the Continuous Security Validation approach: Security Posture Management, Security Control Validation, Security Control Rationalization, Enhancing Detection Efficacy, and Compliance Enablement.

Learning Path: Proactive Security Operations Center (SOC)

Fundamentals of Modern Log Management Practices

This Log Management course is the first course of the Proactive Security Operations Center (SOC) learning path. By the end of this course, you will have learned about the Log Management process, primary log sources, prioritization, log management challenges and best practices.

Fundamentals of SIEM Alert Rule Development

By the end of the SIEM course, you will have learned about the fundamentals of SIEM technology, challenges in alert rule development, detection as code approach, and Alert Rule Development Life Cycle offered by Picus. We also provide ten recommendations to solve main challenges.

The Beginner’s Guide to Endpoint Detection and Response (EDR)

By the end of the Endpoint Detection and Response (EDR) course, you would have learned endpoint security technologies (AV, NGAV, EPP, NGEP, EDR, XDR) and the primary functions of an EDR solution, namely collection, detection, threat hunting, investigation, and response.

Operationalizing MITRE ATT&CK for SOCs

By the end of the Operationalizing MITRE ATT&CK for SOCs course, you would have learned about how to operationalize MITRE ATT&CK with four fundamental use cases: Threat Intelligence, Adversary Emulation, Gap Analysis, and Detection & Analytics.

Foundations of Threat Hunting

By the end of the Threat Hunting course, you would have learned about challenges and culture shifts in detection, threat hunting fundamentals and goals, and the four steps of threat hunting with real-world examples.

Learning Path: The MITRE ATT&CK Framework

The Absolute Beginners Guide to MITRE ATT&CK

By the end of this MITRE ATT&CK course, you would have learned about how to operationalize MITRE ATT&CK with four fundamental use cases: Threat Intelligence, Adversary Emulation, Gap Analysis, and Detection & Analytics.

ATT&CK #1 — Process Injection

Process Injection is the most prevalent ATT&CK technique. It provides an increased level of stealth, persistence, and privilege for adversaries. The Process Injecion course provides essential knowledge on the Process Injection technique.

ATT&CK #2 — PowerShell

As a powerful interactive command-line shell and scripting language, PowerShell is the second most prevalent ATT&CK technique used by adversaries. The PowerShell course provides why and how adversaries utilize PowerShell, and red & blue teaming exercises.

ATT&CK #3 — OS Credential Dumping

Adversaries dump credentials to access other resources and systems in the environment. TheOS Credential Dumping course provides 11 methods and 11 red teaming exercises that are used to obtain credentials from the OS and software.

ATT&CK #4 — Masquerading

Adversaries disguise features of their malicious artifacts as features of legitimate software for defense evasion. In the Masquerading course, we will go through the fundamentals of the technique, its sub-techniques, red and blue teaming exercises.

ATT&CK #5 — Windows Command Shell

Adversaries frequently utilize the Windows Command Shell (cmd) to execute commands and control the OS. The Windows Command Shell course explores how adversaries operate Windows Command Shell in their attacks and red and blue teaming exercises.

ATT&CK #6 — Command and Scripting Interpreter

Not only legitimate users but also adversaries use command and scripting interpreters to execute codes and automate long tasks. The Command and Scripting Interpreter course explores how adversaries abuse interpreters, such as AppleScript, Python, Unix Shells, VBScript, JavaScript/JScript, and Network Device CLIs.

ATT&CK #7 — Scheduled Task/Job

Adversaries use task scheduling utilities of operating systems to execute malicious payloads on a defined schedule or at system startup to achieve persistence. The Scheduled Task/Job course provides the Scheduled Task/Job technique’s fundamentals, sub-techniques, adversarial use cases, and red and blue team exercises.

ATT&CK #8 — Registry Run Keys / Startup Folder

Adversaries utilize run Keys in the Registry and Startup Folders for persistence. The Registry Run Keys / Startup Folder course provides information about registry keys and startup folders used by attackers and use cases by threat actors and malware.

ATT&CK #9 — System Information Discovery

Following initial access to a system, adversaries gather information about the system to decide how to continue the attack. The System Information Discovery course will investigate how the attackers discover what system information with real world use cases.

ATT&CK #10 — Impair Defenses

Disabling, modifying, or blocking defensive security controls is one of the most common behaviors of adversaries. The Impair Defenses course will explore impairing preventative defenses, detection capabilities, and supportive mechanisms, such as Event Logging.



Suleyman OZARSLAN, PhD
Picus Security

Co-founder @ PICUS | VP of Picus Labs | Purple Academy | Hacker | Researcher | Former Cyber Security Trainer @ NATO SPS #infosec #cybersecurity #enterpreneur