This one is non-specific: it offers a list of URLs to other projects that provide tools and methods for “Purple Teaming”, meaning that the practitioners perform the roles of both
- Red Teaming (attackers/perpetrators), and
- Blue Teaming (monitors, detectors, forensics, defenders).
I will let the project’s description speak for itself:
awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Due to the fact that I have been practicing the red vs. blue approach for years, the material below will allow you to see the scale of the number of projects, techniques and tactics in the scope of Linux/Kubernetes offensive/detection/DFIR.
All these offensive techniques and tools have been tested by myself (including source code analysis), detected by different layers (host/network) and mapped to small hands-on lab scenarios to finally become a part of the PurpleLabs Playground (https://edu.defensive-security.com/).
If you are looking for a complete workshop/training program, the links below are the core of the unique “Linux Attack and Live Forensics At Scale” (https://edu.defensive-security.com/linux-attack-live-forensics-at-scale) training program. This is the first step toward creating a dynamic workshop program as a framework, where you can play as a Linux attacker, detection engineer and Forensicator at once using a full set of custom TTPs! The approach will also allow for the creation of custom attack paths, detection engineering and incident response steps, including live forensics.
Purple teaming for life!