Attack Emulation Tools: Atomic Red Team, CALDERA and More w/ Darin and Carrie Roberts (16 Hours)

Attack Emulation Tools: Atomic Red Team, CALDERA and More w/ Darin and Carrie Roberts
4 Sessions – 4 Hour Classes

Instructors: Darin and Carrie Roberts


  • 16 hours of hands-on interactive learning 
  • Introduction to MITRE ATT&CK Framework and the ATT&CK Navigator
  • In-depth Coverage of Atomic Red Team and MITRE CALDERA
  • Overview of other emulation tools including Prelude Operator, Mordor, SCYTHE and PurpleSharp
  • Purple Team tracking and reporting with Vectr
  • Interactive Exercises (Labs)
    • MITRE ATT&CK and the ATT&CK Navigator
    • Atomic Red Team
    • Prelude Operator
    • SCYTHE (commercial product)
    • Vectr
  • Courseware
    • Downloadable slides and lab walkthroughs
    • Access to lab environment during class and 2 hours immediately after

Attack Emulation tools help you measure, monitor and improve your security controls by executing scripted attacks. Atomic Red Team and CALDERA are two open source attack emulation projects that are mapped directly to the MITRE ATT&CK Framework. This class will provide an overview of the MITRE ATT&CK framework and give you in-depth, hands-on knowledge of how to execute scripted attacks that exercise many of the techniques defined in MITRE ATT&CK. You will be provided with hands-on lab instructions for emulating a variety of attacks and creating visualizations using MITRE ATT&CK Navigator. At the end of this class you will have the knowledge and tools to begin executing simulated attacks within your own test environment where you can create and validate detections in a script-able and consistent way.

Whether you are a student of information security or a seasoned network defender there is something to learn from getting involved in the Attack Emulation space and this course will help you do that.


  • General understanding of MITRE ATT&CK and Attack Emulation tools
  • In-depth knowledge of Atomic Red Team and MITRE CALDERA
  • Key understanding of how Attack Emulation can help you build and validate your detections
  • General understanding of other available Attack Emulation tools


Anyone interested in learning more about cyber attacks and tools to emulate and report on them through hands-on labs should take this course.

  • Defenders and Blue Teamers
  • Students interested in Information Security
  • Penetration testers and Red Teamers
  • General Security Practitioners


Entry level through advanced information security skills. 


General familiarity with the Windows and Linux operating systems. 


  • Internet connectivity
  • Remote Desktop Protocol (RDP) client


  • Downloadable course slides and lab walkthroughs
  • RDP access to a Windows 10 client in Azure for running labs (lab environment available during class hours and for 2 additional hours immediately following the class)

Instructor Bios

Darin Roberts
Darin Roberts is a penetration tester, security analyst, and prolific blogger for Black Hills Information Security. Since beginning his career in information security in 2015, he has acquired a plethora of GIAC certifications including, GISF, GSEC, GCFE, GCIA, and most recently, GCIH. When Darin isn’t competing in CTFs or studying for certs, he enjoys teaching and sharing his knowledge with others. Additionally, he has a B.S. degree in Computer Information Technology, as well as a B.S in Engineering and a Masters in Teaching.


Carrie Roberts
Carrie Roberts is a web application developer, turned pentester, turned red teamer, turned blue. She loves to learn and give back to the community. She is currently one of the primary Atomic Red Team project maintainers and developers and has developed many of her own open source tools including the Domain Password Audit Tool (DPAT) and Slack Extract. She holds Masters Degrees in both Computer Science and Information Security Engineering. She has earned 12 GIAC certifications including the prestigious “Security Expert” (GSE) certification. She has spoken at numerous security conferences including DerbyCon and Wild West Hackin’ Fest, published many blog posts on topics ranging from social engineering to bypassing anti-virus, and contributed new research on the VBA Stomping maldoc technique. 


Tue, April 27, 2021 11:00 AM – 4:00 PM EST

Wed, April 28, 2021 12:00 PM – 4:00 PM EST

Thu, April 29, 2021 12:00 PM – 4:00 PM EST

Fri, April 30, 2021 12:00 PM – 4:00 PM EST

Register to attend this course virtually in April here

Tue, July 13, 2021 11:00 AM – 4:00 PM EST

Wed, July 14, 2021 12:00 PM – 4:00 PM EST

Thu, July 15, 2021 12:00 PM – 4:00 PM EST

Fri, July 16, 2021 12:00 PM – 4:00 PM EST

Register to attend this course virtually in July here

Join the Wild West Hackin’ Fest Discord server to stay updated on future training and webcasts: Join Our Server!