Ransomware

https://github.com/ch33r10/EnterprisePurpleTeaming

https://github.com/TryCatchHCF/DumpsterFire

While you're in a meeting or out enjoying life, your DumpsterFire is waiting for its date-time trigger to activate. On a Red Team engagement, while you're busy exploiting that exposed service on a forgotten B2B server, your cloned & time-synchronized DumpsterFires are busy lighting up the target organization's SIEM on a far-away subnet, distracting their response team. Blue Teamers can turn table-top paper exercises into "live fire" range events, with controlled, pre-approved DumpsterFire event chains to trigger sensors and alerts, and train your analysts using their actual operational environment. Purple Team operations can now execute methodical, repeatable event chains to consistently map out their sensor and alerting posture.

https://github.com/NextronSystems/APTSimulator

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.

A Guide to Purple Teaming: What, Why, Who, When & How

https://www.youtube.com/watch?v=xtDCfDEH7dA

https://www.youtube.com/watch?v=oGRUdAOuh_w

https://www.youtube.com/watch?v=ab_Fdp6FVDI

https://www.youtube.com/watch?v=wfTMGTfr8gI

https://github.com/QueenSquishy/plague

The detections detailed below are what I attempt to establish on any EDR product I deploy or work on. Take your own considerations for criticality and datasets.

https://www.youtube.com/watch?v=rAZd5Kjld2Q