Learn Attack, Detection and Forensics with PurpleLabs

Defensive Security helps you become a skilled Linux-oriented Cyber Security Expert through Hands-on Attack + Detection Engineering + Hunting + Live Forensics and Incident Response lab scenarios in PurpleLabs Cyber Range.

Advanced Linux Detection and Forensics Cheatsheet

Open Source Defensive Security Education Services

We offer advanced, hands-on cyber security training programs backed by PurpleLabs - a customized Open Source Cyber Range Environment enriched by modular, step-by-step Linux and Windows offensive/defensive labs.

PurpleLABS is a dedicated virtual detection infrastructure that offers full visibility across many critical security data sources including host and network layers. The platform is powered by a combination of different Linux/Windows adversary simulation hands-on exercises that include advanced enumeration, remote and local exploitation, C2, network exfiltration, and post-exploitation including rootkit source code analysis and operations, lateral movement and pivoting scenarios. 
You can use PurpleLABS as your stable and cheap R&D Cyber LAB for your own network security research needs or as a part of "Attack vs Detection"-style training programs where you will study hands-on material.

Customers list

Microsoft, Nokia, ING Tech, Warta, Government of Dubai, PZU, PGNiG, PGE, Stack Overflow, DailyMotion, Alior Bank, Ministry of Finance Poland, MON, BGK, Millennium Bank, PKO BP, Gdańskie Centrum Informatyczne, Nazwa.pl, Rekord Systemy Informatyczne, IBS, AXA, Aviva, Cinkciarz.pl, Rockwell Automation, Esky, LPP, ARiMR, TUV, Polkomtel, Biatel, Integrated Solutions, Orange Polska, Fujitsu, KOWR, Agora, PERN, Ministries of National Defense, Trend Micro, Vodafone, Aquasec, IBM, AmiViz, Netspi, Western Governors University, Crowdstrike, Simplicity Poland, Beyoncyber, StepStone, Collective Sense, Government of Singapore, CyberPRO, PepsiCo, Barclays, VISA, Paypal, Digital14, CERT Belgium, JPMorgan Chase, DSO National Laboratories Singapore, European Commission Cyber Division, CommonSpirit Health, ExtraHop, DHL, Continental, Optiver, Abbott, MWR, TrustedSec, Maybank SG, Emirates, Google, mLeasing, Tiktok, Trustwave, Logitech, PKP Informatyka, WatchTowr, Ratels, Admiral Group, Grupa Azoty, Allegro, Cisco, Arista Networks, Sandia National Laboratories US, UK Defence Science and Technology Laboratory, Deutsche Bahn, Adyen, Singapore Centre for Strategic Infocomm Technologies, E.ON, KPN, Kaspersky, and more.

Available products

Self-learning products/materials include access to hands-on training materials + updates. The displayed price will be increased by the VAT applicable under tax regulations.

  • €399

EDRmetry Linux Matrix For Download / Self-Hosted - Comprehensive Hands-On Attack TTPs Catalog

  • Course
  • 28 Lessons

EDRmetry Matrix is a powerful, hands-on playbook crafted to empower security professionals to evaluate Linux EDR/Runtime Security. Aligned with the MITRE ATT&CK™ Framework, it offers a cost-effective, customizable approach to simulating real-world Linux attacks. Fueled by continuous research into emerging threats, EDRmetry Matrix serves as a dynamic hub for cutting-edge offensive Linux expertise.

  • €399

Linux Attack, Detection and Live Forensics v1.0 - MATERIALS ONLY - Lifetime Access

  • Course
  • 263 Lessons

Learn Linux attack, detection, and live forensics based on hands-on analyses of exploits, user space/kernel space Linux rootkits, C2 frameworks, and offsec tools. Create low-level Linux attack paths, get to know Linux internals better, improve your Linux detection, understand the need for Linux telemetry, and stay prepared for Linux threats. Unlimited access to materials + updates is guaranteed.

  • €349

PurpleLabs VPN Access - 90 days

  • Course
  • 8 Lessons

This 90-day PurpleLabs VPN access package is dedicated to hands-on exercises with the Linux Attack, Detection, and Live Forensics course and EDRmetry Matrix. PurpleLabs Cyber Range offers an immersive cybersecurity training environment where security professionals can sharpen their skills through realistic threat scenarios. After the purchase, you can start your VPN access at a convenient time.

Defensive Security is an official partner of Sandfly Security

Sandfly is an agentless Linux EDR and incident response platform. It finds Linux threats without endpoint agents. Sandfly's deep understanding of Linux intruder tactics offers unparalleled threat coverage and proactive protection. Known and unknown attacks are detected with safety and performance.

Training @ Conferences

We have had the pleasure of delivering a training or session as part of the agenda of the following conferences:

Black Hat MEA 2025

25 - 27 November 2025

  • Training: Effective Linux EDR/XDR Evaluation Testing for Red and Blue Team

x33fcon Poland

9-11 June 2025

  • Training: Effective Linux EDR/XDR Evaluation Testing for Red and Blue Team

Black Hat USA 2025

2-3 & 4-5 Aug 2025

  • Training: Effective Linux EDR/XDR Evaluation Testing for Red and Blue Team

OrangeCON NL

1-3 September 2025

  • Training: Practical Linux Attack Paths and DFIR/Hunting for Red and Blue Team

Black Hat Asia 2025

1-2 April 2025

  • Training: Effective Linux EDR/XDR Evaluation Testing for Red and Blue Team

Black Hat USA 2024

3-6 August 2024

  • Training: Practical Linux Attack Paths and Hunting for Red and Blue Team

2024 - Private Training in Netherlands

6-9 April 2024

  • Training: Linux Attack, Detection, and Live Forensics in PurpleLabs

Hack In The Box 2024 Bangkok

26-28 August 2024

  • Training: Practical Linux Attack Paths and Hunting for Red and Blue Team

44CON 2024 UK

16-18 September 2024

  • Training: Practical Linux Attack Paths and Hunting for Red and Blue Team

Hack In The Box 2023 Phuket

August 21 - 25 2023

  • Training: Practical Linux Rootkits for Red and Blue Team

Hack In The Box 2022 Singapore

  • Training: Linux Attack and Live Forensics at scale

BruCON 2022 Belgium

  • Training: Linux Attack and Live Forensics at scale

Hack In The Box 2020 ONLINE

  • Training: C2 and Post-Exploitation Techniques

Hack In The Box 2019 Abu Dhabi

  • Training: In & Out: Network Data Exfiltration Techniques

Hack In The Box 2019 Singapore

  • Training: In & Out: Network Data Exfiltration Techniques

Hack In The Box 2019 Amsterdam

  • In & Out – Network Exfiltration and Post-Exploitation Techniques

Black Hat 2019 USA

  • Training: In & Out: Network Data Exfiltration Techniques [RED edition]

44CON UK

  • Training: In & Out: Network Data Exfiltration Techniques

BruCON 2019

  • Training: Post Exploitation Adversary Simulations - Network Data Exfiltration Techniques

FloCon 2018 USA

  • Talk: May the Data stay with U! Network Data Exfiltration Techniques

OWASP Appsec 2018 USA

  • Training: Open Source Defensive Security

x33fcon 2019 PL

  • Training: In & Out: Network Data Exfiltration Techniques Training

Confidence PL

  • Talk: Honey(pot) flavored hunt for cyber enemy

Secure PL

  • Workshop: Adversary Simulations of network events and anomalies as a proactive source of knowledge on previously unidentified attack vectors

ISSA Poland

  • Workshop: Proactive analysis of persistence methods in Linux

Semafor PL

  • Talk: Cyber Range - continuously increasing the technical competencies of SOC teams

Subscribe to Defensive Security mailing list

Join our emerging PurpleLabs community. You will get news about upcoming training, conferences, interesting research, and promotional discount codes for PurpleLabs access.
