Free Assessment

What's your detection engineering path?

Detection playbooks, techniques, and resources built around real adversary behavior. Deploy detections mapped to the threats targeting your industry, without starting from scratch.

Rules analyzed: 312
Initial Access: 82%
Privilege Escalation: 74%
Lateral Movement: 41%
Defense Evasion: 29%
About Charles
Charles Garrett
Principal Detection Engineer · Founder, Purple Shell Security

I know what bad detections look like from the inside. I spent years on the defensive side of financial services. Validating controls, reviewing detection logic, tuning rules in AWS and GCP production environments. Azure is where I went deeper on my own. Adversary Lab is how I built it in public.

Adversary Lab is the detection content arm of Purple Shell Security. Need it deployed? Purple Shell builds detection programs for teams →

Proof of Work
See what a playbook looks like.

This is the same quality and format as every playbook in the Adversary Lab library. Detection rule, alert triage, investigation procedure, containment, and remediation. Built for production Azure environments. Free. No signup required.

Download Free Playbook →
Free Playbook
Service Principal Credential Addition
T1098.001 · Persistence · Azure · KQL
Detection Rule
Alert Triage
Investigation Procedure
Containment Actions
Remediation Steps
PDF · No signup required
What's Inside
Everything you need to build your first detection.
🛠️
Live Azure & AKS Lab
A real tenant with real attack techniques. Hands-on from day one. No six-figure security stack required.
INCLUDED
📖
Threat Actor Techniques
Detection content built around APT29, Scattered Spider, Silk Typhoon, and others. Know what they do. Build detections that catch them.
INCLUDED
💬
Field Manuals & Resources
The Azure Cyber Defense Manual and a growing library of detection engineering resources published regularly as the threat landscape evolves.
INCLUDED
What You Get
Resources built for practitioners who deploy.

Every resource in Adversary Lab is built around real adversary behavior. Not theory. Not slides. Things you can open and use the same day.

01
Detection playbooks mapped to real threat actors
APT29, Scattered Spider, Silk Typhoon, and others. Each playbook breaks down what they do and how to catch them.
02
Technique breakdowns you can act on
Know what adversaries actually do at the Azure control plane. Every technique breakdown includes detection logic you can deploy.
03
Azure Cyber Defense Field Manual
A comprehensive reference for Azure detection engineering. Real-world detection patterns built for production environments.
04
AKS and container threat detection
Kubernetes is where attackers are moving. Resources built specifically for container threat detection in Azure environments.
05
New resources published as the threat landscape evolves
Adversary behavior changes. The library grows with it. New playbooks and technique breakdowns added regularly.
This Is For You
One license.
Your work. Your environment.
SOC Analyst / Detection Engineer
Deploy detections you didn't have to build from scratch
Production-ready playbooks mapped to real threat actor techniques. Open them, adapt them to your environment, deploy them. No starting from zero.
Security Consultant
Go deeper on detection engineering.
Detection engineering is the skill that separates consultants who advise from those who deliver. Adversary Lab sharpens that skill. Playbooks, technique breakdowns, and field manuals built around real adversary behavior.

Interested in deploying this with clients? Let's talk →
Independent Practitioner
Stay current without doing all the research yourself
Threat actors evolve. The library grows with them. New playbooks and technique breakdowns published regularly so you're not spending hours chasing what adversaries are doing now.
Adversary Lab — Annual Membership
Detection resources built for production.

Full access to the detection playbook library, threat actor technique breakdowns, field manuals, and new resources published as the threat landscape evolves.

Full detection playbook library
Threat actor technique breakdowns
Azure Cyber Defense Field Manual
AKS and container detection resources
New resources as threats evolve
Single-use license
$150 / month
Get the Playbooks →
Teams & Organizations
Need it done for you?

Purple Shell Security designs and deploys detection engineering programs for organizations that need production-ready detections without the full-time headcount. Threat-informed, environment-specific, and built to last.

Book a Call →