Our students love learning as much as we love teaching. After a great course, here are a few thoughts from some of them:
Our current customer list includes: Nokia, ING Tech, Warta, Government of Dubai, PZU, PGNiG, PGE, Stack Overflow, DailyMotion, Alior Bank, Ministry of Finance Poland, MON, Millennium Bank, PKO BP, Gdańskie Centrum Informatyczne, Nazwa.pl, Rekord Systemy Informatyczne, IBS, AXA, Aviva, Cinkciarz.pl, Rockwell Automation, Esky, LPP, ARiMR, TUV, Polkomtel, Biatel, Integrated Solutions, Orange Polska, Fujitsu, KOWR, Agora, PERN, Ministries of National Defense, Trend Micro, Vodafone, Aquasec, IBM, AmiViz, Netspi, Western Governors University, Crowdstrike, Simplicity Poland, Beyoncyber, StepStone, Collective Sense, Government of Singapore, CyberPRO, PepsiCo, Barclays, VISA, Paypal, Digital14, CERT Belgium, JPMorgan Chase, European Commission Cyber Division, ExtraHop, DHL, Continental, Optiver, Abbott, MWR, TrustedSec, Maybank SG, Emirates, Google, mLeasing, Tiktok, Trustwave, Logitech, PKP Informatyka, WatchTowr, Ratels, Admiral Group, Grupa Azoty, Allegro, Cisco, Arista Networks, Meta, Sandia National Laboratories US, Deutsche Bahn, EON, Adyen, KPN, Kaspersky, Elastic and more.
Senior Security Research Engineer @ Elastic
I recently completed Leszek Miś's PurpleLabs training course. As a security researcher focusing on Linux, I found it to be a well-structured and hands-on introduction to a broad range of Linux TTPs. The course effectively demonstrates real-world techniques while encouraging participants to explore each topic in depth independently. Because of this, the real value comes from the effort you invest in digging deeper beyond the exercises.
One of the course’s strengths is that it exposes you to multiple monitoring environments, including Elastic, Splunk, Sandfly Security, Arkime, Wazuh, and others, allowing participants to experience the unique visibility and perspective each solution brings to detection and investigation.
I’d recommend this course to anyone working on blue team operations in Linux environments, starting in Linux security research or detection engineering, or simply looking to strengthen their understanding of Linux attack techniques.
With some self-guided research alongside the labs, you’ll come away with a solid understanding of how to both execute and detect a wide range of foundational and advanced Linux TTPs.
Senior Incident Response Specialist @ Kaspersky
The course explores Linux security from incidents, exploits, and vulnerabilities all the way to large-scale detection and Linux forensics. It took me through attack paths, kernel/user-space rootkits, C2 frameworks, and persistence techniques, all tied to real-world threat scenarios and investigations.
This isn’t a “check the box” course for me. It’s a reference I’ll keep coming back to for refining my knowledge.
A big thank you to Leszek Miś for putting together such a comprehensive and practical resource!
Class Participants
Great course, excellent added value with ongoing access to course material as well.
Great training, excellent, thank you!
Great research, learned a lot! Respect for all that Leszek achieved.
I liked the dynamic style of the course very much.
Also, the presentation/live demo at the end of the course was really nice. I like the idea behind the whole EDRmetry/PurpleLabs project!
Just awesome! Great material, well-prepared training!
Such a nice, knowledgeable instructor! I'm so happy that I managed to attend this course, and it will definitely be highly recommended!
Beyond this training, it would even be interesting to see a certification. I am excited and would love to see the services and tooling Leszek will release soon. :-)
The training was great, I learned a lot of new stuff, and it was very good to refresh my mindset to look more from a practical attacker's point of view instead of just reading up on single techniques. Thanks for a great 3 days. It was inspiring stuff.
Great training, pace was fine. Even though I'm not super experienced in Linux architecture and couldn't understand everything, it was still useful. Timing for the practical sessions was on point, not too long and not too short. Thanks for this awesome training! Best conference training I've had so far :)
Leszek has a lot of knowledge about Linux forensics, threat hunting, and incident response. From an offensive perspective, the most useful parts of the training are getting familiar with the monitoring tools available and learning more about the internals of these tools (including the Linux internals). It gives me new inspiration to dive deeper into some topics, such as eBPF and some interesting syscalls. The lifelong access to the course material is going to be a great resource as well.
Threat Hunter @ WithSecure
During x33fcon this year, I had a chance to attend training from Leszek Miś - Effective Linux EDR/XDR Evaluation Testing for Red and Blue Team.
Actually, one of the best trainings I've ever attended, which already is starting to show its value, during my day-to-day job as a threat hunter.
If you have a chance to attend it, and you're battling your thoughts about it, I reassure you, it's 100% worth it, especially for people who have to deal with threat hunting and detection engineering, to take a step back and re-evaluate themselves.
Class participants
The class was very good. I definitely learned a lot, and the hands-on exercises were fun.
Great class, lots of good info and fun hands-on labs.
I thoroughly enjoyed this course: the instructor was very knowledgeable and had a great energy/attitude around teaching the content material. Additionally, the resources we have are great, especially since I don't have a strong networking background/work role. Overall, very interesting and helpful towards future learning opportunities, network/malware investigations, and job opportunities. Thanks! :-)
Way more content than you can cover in a class. Lots of good materials.
Class Participants
10/10
Wizard stuff
5-star review
Great training
Really nice class,
Learned a lot!
Amazing content and presentation
Class Participants
The materials were really insightful and a great learning experience for me. I learned how the red team carries out their attacks to train the blue team to think in an offensive way, which will be useful for me to protect my production servers better. Thanks for the amazing course!
Leszek kept the whole hands-on interesting and engaging at all times and is good at guiding people that may have little experience. Even when I had quite a bit of experience in the field of Linux, I still learnt something new when revisiting some basics in the course, great job!
Preparation of materials given was very useful and eye-opening. Materials covered the latest trends and tools that are not as well known.
A very passionate and dedicated instructor, covers and elaborates on all learning points very comprehensively. Very friendly and answers patiently. Training environment was very well prepared and the demos were very intuitive and easy to use. I enjoyed Leszek's class and would recommend to other security researchers.
Principal Cyber Security Analyst | GREM | GCFA | GMON | CISSP
If you're looking to gain an in-depth understanding of Linux malware behaviour, I highly recommend the PurpleLabs Linux Attack, Detection, and Live Forensics course. It’s one of the most comprehensive training programs I’ve encountered, particularly when it comes to exploring malware in Linux environments.
This course is ideal for anyone seeking to grasp the complexities of Linux threats—ranging from rootkits to advanced persistence techniques. Whether you're new to Linux security or already experienced and looking to expand your knowledge, this course is an invaluable resource. Next year the new updates will include attack, detection, and hunting in Kubernetes, which I am looking forward to exploring.
A special thank you to Leszek Miś for his unwavering commitment to keeping the course updated with the latest Linux threats, ensuring that participants always have access to the most relevant and cutting-edge cybersecurity techniques. Your dedication to the field is truly inspiring!
Cyber Security Consultant | BTL2 | OSCP | GCFA | GIAC Advisory Board Member
If you look to delve into Linux threat hunting, detection, and DFIR, this program is the go-to choice. The clarity and structure of the course are exceptional, making complex concepts easy to grasp. This course doesn't just scratch the surface; it delves deep into the intricacies of Linux security. One of the highlights is the comprehensive exploration of different rootkit types and how to effectively detect them. Upon completion, you'll not only understand the theoretical underpinnings but also be equipped to build your own detection and threat-hunting system using open-source tools. I highly recommend this training course. Thank you for this excellent course.
SOC L2 Analyst @ Orange
Last week I was extremely lucky to participate in intense training focused on Linux attacks, detection, and live forensics at scale by the incredible Leszek Miś. Those 3 days were full of knowledge and practice; we looked at attacks not only from the defensive point of view but also got a little bit offensive 🔵🔴
It was great to be able to observe how our actions in the systems appeared in the logs and how well open-source tools perform in many of the detection or response use cases. I must admit that the infrastructure and scenarios were amazing, everything ran smoothly and the rarely required troubleshooting was always quick.
I can clearly see I have a lot more to learn about Linux and rootkits, but hands-on practice and great learning materials really made it a fun and valuable experience, recommend! 🏅
Black Hat USA 2024 Training Participant
Thanks for the training. I really appreciate all the time you have put into the material. It is nice to have training from someone who enjoys learning and sharing what they have learned with others. I have attended Black Hat for about 16 years now and this has to be my favorite training session to date. Many of the classes at Black Hat spend most of their time on Windows, so it was nice having your class as an option to focus on Linux. The material covered and its presentation was perfect. I will be recommending this training to others at work. Keep up the good work. Also, Thanks so much for extending the lab time. I plan to be on it from time to time on the weekends.
VP, Cyber Security Research @ Aqua Security
I really enjoyed the material; I think it’s the best Linux threat analysis course I’ve seen available. The hands-on approach and depth of content have been incredibly valuable and insightful.
Senior Security Engineer @ Google
"I had the pleasure of completing Leszek’s exceptional course on Linux Attack and Live Forensics At Scale. I am especially impressed by the depth of each topic and Leszek's ability to simplify intricate concepts, making it an invaluable learning experience for even seasoned professionals. The hands-on approach, particularly in experimenting with the latest offensive techniques from stealthy rootkits to C2 frameworks and so much more, using relevant open-source tools for detection, significantly enhances the value for any security professional. Leszek's continuous incorporation of new topics further enriches the course's value, complemented by exceptional support. Undoubtedly, it has elevated my skills in purple teaming / learning new offensive and defensive techniques and I highly recommend Leszek’s course to anyone looking to enhance their skills in this area."
Security Researcher
The labs were great and complete. I would rate it at 9/10. My one wish is that maybe offer offline labs in regards to the material but everything is top quality live real material.
Cyber Offensive and Defensive Engineer
Shoutout to Leszek Miś for the amazing work and highly intense training. This is not your average training. You need to have some basic knowledge to get past the next challenge. I enjoyed it, I will definitely go back in for a refresher.
Ph.D. | Cyber Security Researcher
I highly recommend this platform and the training it provides! I took this workshop at Hack In The Box (HITB) 2023 and found it to be very well-structured, accessible, comprehensive, and up-to-date. Leszek is a great instructor, very responsive, and addressed every question I had both during the class and after it. If you are looking for a great resource to get hands-on experience with both Red and Blue teams' latest tools in Linux - this is the place to look at.
SIEM Engineer @ Graylog
"It is funny, out of all courses and labs, PurpleLabs was the best lab in terms of knowledge that I use today."
Security Consultant @ Nokia
I had the pleasure of participating in an exceptional training: Linux Threat Hunting and Attack Defense. What makes this training truly special is that it was led by someone who is not just a trainer but the creator of the training materials. The topics covered are extensive, and the provided resources, which can be revisited after the training, are a treasure trove of knowledge and hands-on experience gained over many years. But what stands out the most is Leszek Miś's passion and dedication, as he explains even the most complex topics in a clear and approachable way. I wholeheartedly recommend this training not only to those involved in Threat Hunting but also to anyone looking to deepen their knowledge of Linux systems.
"Great content, very informative, Super training!, Learned new ways to detect attacks and defend on Linux, Good overview of offensive/defensive tools, I mostly like the level of content of this course, Good overview of different attacks and their traces in multiple monitoring systems, Content: Excellent."
Head of Cyber Security @ Orange
"We utilized PurpleLabs to further develop our SOC team skills. We have found that Defensive Security's hands-on content enabled them to better understand Linux internals and threats landscape in a unique hands-on format. Many step-by-step offsec lab modules ready to chain into low-level Linux attack paths, different detection layers, live telemetry streams and forensics tooling allow for a unique and challenging hands-on experience. Highly recommended!"
Founder @ Sandfly Security
"I've been having fun doing the Defensive Security Linux Attack and Live Forensics course."
GCFA, GPEN @Infiltration Labs, LLC
The course material is awesome! I had a few Linux cases that the material was super helpful and relevant.
Excellent training material. Training deeply covers all aspects of attack and defense in Linux environments, certainly worth every investment.
CEO @ Securing
If you need to get deep and broad knowledge in the scope of Defensive Security using Open Source software then don't hesitate and just grab for it - definitely worth attending and meeting Leszek in person and his experience during 3 days long comprehensive technical training.
Associate Cybersecurity Engineer
The Purple-Labs environment provides a great pre-configured environment for testing detections – it’s something our team has tried setting up themselves in the past, but has proved to be a challenge - so your pre-rolled solution is attractive.
@ Tuta
Even though I am still going through the material, I must say it is the best I am aware of that covers Linux Attacks, Detection, and Live Forensics, So, thanks for your work! Really impressive.
Cyber Security Engineer @TCS | Threat Hunting | Chapter Lead @BSidesIndore
Back in November 2023, I felt like expanding my horizons to the Linux Defence and came across this great course. Not only does it cover concepts in depth, but it also shows the power of open source. Even though the course is transcript-based, the content depth and quality are still very great.
Contributor at "The DFIR Report" | GIAC Advisory Board | GDAT | GNFA
I had the pleasure of undertaking the Defensive Security "Linux Attack, Detection, and Live Forensics" course by Leszek Miś. The course's hands-on approach, which includes experimenting with offensive techniques and using open-source tools for detection, greatly enhances its value for security professionals. I have developed a much better understanding of the Linux threat landscape. I highly recommend the course to anyone looking to enhance their skills in this area.
Security Researcher
I found it incredibly valuable for expanding my knowledge in Linux cybersecurity. The course materials cover modern threats comprehensively, offering hands-on labs that simulate real-world attack scenarios. This practical approach significantly enhanced my skills in both detection and defense techniques. I highly recommend PurpleLabs to anyone looking to deepen their understanding of contemporary cybersecurity challenges.
Security Researcher
The training provided a hands-on lab that included all the tools needed to analyze an infected system. I became familiar with some of the powerful open-source tools in the industry and gained knowledge of what Linux rootkits look like from the kernel perspective.
The course is recommended for all knowledge levels, as it covers everything from Linux essentials to eBPF apps mechanisms and more.
Risk and Threat Manager IP-Core
Just completed Defensive Security Linux Attack, Detection and Live Forensics course. Learned a hell of a lot - and what I learned is practical and usable (hello office network, let's see how much you really protect outbound)....
The prices are much better than usual training courses.
CTO DSPE @ Barclays
Training was really great, I really liked the fact that you offer multiple tools to be able to compare results between them. I really learnt a lot and the purple teaming style is definitely the right approach
Bytedance.com
The course was brilliant, one of the most hands on I have ever done which was great!
I felt it was very wordy but this fit in well overall with the practical component.
I will certainly recommend it to my colleagues and friends. I thought previously my Linux knowledge was intermediate, but this was mistaken. There was a mountain I didn't know nor didn't know I didn't know haha.
CSIRT @ Allegro
One of the best trainings when it comes to Linux, and there are very few of them on the market. A lot of examples, technical details and laboratories. I also learned a lot of things, and I will have even more material to analyze further. It's great that I have access to materials and content updates.
Lead Security Engineer @ Accretive Technology Group
I had a great time taking the Practical Linux Attack Paths and Hunting for Red and Blue Team class during Black Hat USA 2024 with Leszek Miś! Covering the material again over the last days was just as fun as the first time. If anyone needs to learn purple team fundamentals, threat hunting, and practical Linux hacking/defending (especially in enterprise) then look no further. This is some of the best material I've ever had the pleasure of working through.
Senior Architect @ Home Depot
Absolutely brilliant course and lab setup you provided. I really enjoyed and learned a ton of things. Thank you for the opportunity of the course and will be using this as my go-to reference! Keep up the amazing work
Security Researcher @ Trustwave SpiderLabs
I'm delighted to share the completion of a super cool course created by Leszek Miś from Defensive Security.
Stop here! :) It's not just another course - you'll find there tons of Linux security essentials, surprising tricks, and non-obvious tactics. Absolutely great knowledge in one, neat place. I firmly believe that everyone will encounter moments of, "Oooohhh! I didn't know that!" or "I could have implemented that in my recent project!", etc. Highly recommended!
VP of Security Research @ Aqua Security
If you’re looking to dive deep into understanding Linux malware behavior, I highly recommend the PurpleLabs Linux Attack, Detection, and Live Forensics course. It’s one of the most thorough training programs I’ve come across, especially when it comes to exploring how malware operates in Linux environments. The hands-on labs and detailed analysis really stand out, giving you a solid grasp of both offensive tactics and defensive detection strategies.
This course is perfect for anyone wanting to understand the complexities of Linux threats—from rootkits to advanced persistence mechanisms. Whether you’re new to Linux security or have experience and want to deepen your knowledge, this course is incredibly useful.
A special shoutout to Leszek Miś for his dedication to continuously updating the course with the latest Linux threats, ensuring that participants are always learning the most relevant and cutting-edge techniques in cybersecurity. Your commitment to the field is truly inspiring!
Head of Cyber Security @ PZU Group
Every organization must constantly strengthen its defense capabilities, testing, researching, that’s obvious in cybersecurity. Many thanks to Leszek Miś, who did an excellent job with the workshop “Linux Incident Response”. He performed a lot of the tests, attack emulations and playbooks, so we have improved our skills related to Linux hunting and responding to incidents detected by EDR. His experience, commitment and enthusiasm are top-notch, and we can sincerely recommend Leszek's work to others.
Threat Hunter @ WatchTower
Honestly, one of the best hands-on training labs that I have seen, and covering Linux nothing can compare according to my knowledge! Massive thanks for the Purple Labs DFIR Threat Hunting experience, honestly I loved every bit of it! I am fully confident it is one of the best world-class hands-on training with outstanding bang-for-bang value and personally, I had so much fun and learned a lot.
DFIR Expert @ Nokia
It's not CISSP nor SANS....but the value you get out of it is incredible.
Thank you, Leszek, for the good material you provided, including the Labs, cases, and approach to purple teaming in practice.
I learned much, and am still going to practice the cases to learn more about Linux rootkits and Threat Hunting.
Security Engineer
I think the course is excellent, and the labs provide a great environment to test the skills. On my end, I will recommend your course to anyone interested in Linux security.
Senior SOC Analyst @ NetSuite
One word about the course = AWESOME. While to be honest, with the number of topics and activities presented on the course, one can definitely be overwhelmed, it was for me, but I chose not to because I want to learn and solidify my Linux defense mindset.
You introduced me to a lot of platforms, tools, technologies, and, more importantly, that Purple teaming mindset that I will continue to practice and do outside the course material.
I rarely encounter someone so dedicated to empowering others, and that is you Bro! I really appreciate those times when I asked a lot of questions, and you genuinely provided not one but multiple answers in order for me to grasp those core topics and concerns.
That dedication and desire to help others is evident in the policy that once students purchase the course, access is perpetual, even for updates, which is so important and truly a bang for one's buck :)
Security Engineer / OSCP
MEGA course, with a huge amount of materials, I managed to complete some of them, but as you wrote in one of the links, it takes a lot of time to complete everything, and that's true, especially if you want to learn the subject in depth. I am very happy with the available materials, I am already implementing some of the concepts at my place.
System Cybersecurity Manager @ CommonSpirit Health
I enjoyed the course and learned many new things about Linux attacks and defense. This is no small feat, as I've been working with them for 25 years. The eBPF section was especially useful as I had not had exposure to it prior to the course. Overall, it has been a fantastic course and one of the better Linux security courses I've attended.