banner

Intro

Welcome back to the series Offensive Security Training Opportunities in 2025. In Parts 1 and 2, we explored foundational pentesting platforms and specialized tracks in web, API, and mobile application security.

In this third installment, weĺl turn our attention to red team and blue team training opportunities, including advanced offensive operations, adversary emulation, detection engineering, incident response, and other operational security skills. Whether you’re looking to enhance your attack-side capabilities or strengthen your defensive posture, the following trainings will definitely help you on your way.

This post is Part 3 of the Offensive Security Training Opportunities in 2025. You can find the other posts in the links below:

Disclaimer: The opinions stated in this article are solely my own and do not necessarily reflect those of my employer or other affiliations I have. Next to that, courses are not listed in a specific order (this is no ranking by any means). Just because a course is listed in my post does not mean I have actively taken or bought the course, although I have participated in many of these and plan on taking more from this list.

TL;DR

Again if you are only interested in the summary, I have included a table at the end of every chapter with the necessary information.

Red Team

Trainings in this section focus on offensive operations, emulating adversaries, exploiting vulnerabilities, and testing environments from the attacker’s perspective. The resources listed here will help you build or advance your capabilities in threat emulation and adversary simulation. Although some offerings are entry-level, foundational pentesting knowledge is required to proceed.

Altered Security

Formerly known as Pentester Academy, Nikhil Mittal founded Altered Security. Part of Pentester Academy was sold to INE Security. Their well-known red team certifications remain available under the Altered Security name. Altered Security is known for their excellent labs like the Global Central Bank.

Certified Red Team Professional (CRTP)

CRTP focuses on entry-level Active Directory penetration testing from a Windows perspective. Although the course is fully taught from the Windows perspective, lab walkthroughs using a C2 (Sliver) are also provided.

Cost

The training is available in 3 options:

  • $249 (excl. VAT) for 30 day lab access + lifetime access to course material + 1 exam attempt
  • $379 (excl. VAT) for 60 day lab access + lifetime access to course material + 1 exam attempt
  • $499 (excl. VAT) for 90 day lab access + lifetime access to course material + 1 exam attempt

Note: They offer regular discounts on their trainings (20-25%).

Certified Red Team Expert (CRTE)

The CRTE contains Advanced Active Directory penetration testing knowledge. The training course is known for its elaborate lab, which includes eight forests to compromise.

Cost

The training is available in 3 options:

  • $299 (excl. VAT) for 30 day lab access + lifetime access to course material + 1 exam attempt
  • $499 (excl. VAT) for 60 day lab access + lifetime access to course material + 1 exam attempt
  • $699 (excl. VAT) for 90 day lab access + lifetime access to course material + 1 exam attempt

Note: They offer regular discounts on their trainings (20-25%).

Certified Red Team Master (CRTM)

This training, formerly known as PACES or Global Central Bank, is the most advanced Active Directory training offered by Altered Security.

Cost

The training is available in 3 options:

  • $399 (excl. VAT) for 30 day lab access + lifetime access to course material + 1 exam attempt
  • $599 (excl. VAT) for 60 day lab access + lifetime access to course material + 1 exam attempt
  • $749 (excl. VAT) for 90 day lab access + lifetime access to course material + 1 exam attempt

Note: They offer regular discounts on their trainings (20-25%).

Certified Evasion Techniques Professional (CETP)

The Evasion lab (Certified Evasion Techniques Professional) is the latest addition to the Altered Security Training catalog. It is designed to equip information security professionals with the expertise needed to bypass defenses in modern enterprise environments. This course delves deep into the techniques and methodologies used to bypass endpoint countermeasures like EDRs.

Cost

The training is available in 3 options:

  • $449 (excl. VAT) for 30 day lab access + lifetime access to course material + 1 exam attempt
  • $649 (excl. VAT) for 60 day lab access + lifetime access to course material + 1 exam attempt
  • $849 (excl. VAT) for 90 day lab access + lifetime access to course material + 1 exam attempt

Note: They offer regular discounts on their trainings (20-25%).

Altered Security Bootcamps

From time to time Altered Security offers Bootcamps for their certifications where they give 4 live virtual training sessions covering the topics of said bootcamp. During these bootcamps, you will have access to live instruction and are able to ask questions.

Zero-Point Security

Red Team training provider by Daniel Duggan aka RastaMouse. Known for delivering the most value for money Red Team trainings on the market. They recently updated their platform and pricing method to make their courses more accessible in diverse countries.

Certified Red Team Operator (CRTO)

The most well-known Red Team Training out there. Covers all necessary topics to excel in performing adversary simulation and emulation exercises. Recently updated to a new version (May 2025). The course includes labs and is focused on active directory attacks and uses the Cobalt Strike C2 framework. The course teaches good OPSEC and the mindset that is needed to perform red team engagements.

Cost

The course costs £399* (excl. VAT) and includes labs and unlimited exam attempts. You will have lifetime access to the course material, including course updates.

* Price may differ in your region due to Purchasing Power Parity (PPP).

Certified Red Team Lead (CRTL)

The CRTL is the continuation on the CRTO course, often referred to as CRTO 2. The course provides advanced OPSEC and defense bypass strategies. Students will cover topics such as programming with Windows APIs leading into writing custom tooling, PPID Spoofing, in-memory obfuscation, exploiting AS and WDAC, Bypassing AV and EDR by circumventing ETW, userland hooking and kernel callbacks.

Currently the course and labs are not available for purchase as it is undergoing a rework and migration to their new training platform.

Cost

Normally, the course costs £399* (excl. VAT) and includes 1 exam attempt. However pricing can change on the new platform.

If the course following the same principles as CRTO, you will have lifetime access to the course material, including course updates and will have access to the labs and unlimited exam attempts.

* Price may differ in your region due to Purchasing Power Parity (PPP).

OffSec

Offensive Security Experienced Professional (OSEP)

The OSEP is OffSec’s advanced penetration testing course. The course covers evasion techniques and custom exploitation. This is most often seen as the follow-up course to the OSCP.

Cost

The course is available in different pricing:

  • Standalone course: including 1 exam attempt, including 90 days lab access ($1.749) (excl. VAT)
  • Learn One annual subscription: including fundamental courses, KLCP and OSWP ($2.749) (excl. VAT)
  • Learn Unlimited annual subscription: including access to all of OffSec courses and unlimited exam attempts ($6.099) (excl. VAT)

Hack The Box

HTB ProLabs

The ProLabs offering from HTB puts you in multiple simulated organizational network environments. They offer multiple labs ranging from beginner to expert level. In the HTB ProLabs you are being put in a realistic environment where you need to simulate real world cyber attacks to gain full access to the organizational network. Each ProLab offers a certificate of completion.

Cost

ProLabs costs €44/month or €440/year (excl. VAT). This gives access to every Pro Lab in their catalog.

HTB Certified Active Directory Pentesting Expert (HTB CAPE)

This is HTB latest certification (as of this moment). This certification focuses on exploiting advanced Active Directory (AD) vulnerabilities. The certification is presented as a follow up to the CPTS.

Cost

To access the CAPE course, a gold subscription is required. This costs €1.055/year (excl. VAT), including 1 exam voucher + 1 free retake

White Knight Labs

White Knight Labs is a training provider that comes with a unique proposition. Self-managed labs. They offer a range of offensive training options each with their own set of lab scripts to deploy the labs in your own cloud environment. Their training offering mainly consists of offensive operations and development.

Advance Red Team Operations Certification (ARTOC)

The ARTOC is a self-paced cybersecurity course built for experienced professionals. Participants dive deep into offensive operations using tools like Cobalt Strike in an immersive, AWS-hosted lab environment. Students gain access to Cobalt Strike, Havoc, red team infrastructure templates, redirectors, and a collection of custom tooling to support real-world simulation and training. You’ll build and manage your own infrastructure by deploying labs into your AWS account, with optional environments available in Azure and GCP.

Cost

The course comes in On-Demand and live instructed (Virtual) format.

  • The On-Demand course costs $700 (excl. VAT)
  • The Live training course costs $1200 (excl. VAT)

Note: Lab costs (AWS, Azure, GCP) is not included

Offensive Development Practitioner Certification (ODPC)

The ODPC is a course that focuses on advanced offensive development techniques such as process injection, custom payload creation, and C2 framework usage. Throughout the course you’ll work in AWS environments and engage with live instruction to build and deploy offensive tools while bypassing modern defenses.

Cost

The course comes in On-Demand and live instructed (Virtual) format.

  • The On-Demand course costs $700 (excl. VAT)
  • The Live training course costs $1200 (excl. VAT)

Note: Lab costs (AWS, Azure, GCP) is not included

SpecterOps

The creators of Bloodhound, Ghostwriter and many offensive security other tools. Also known for their cutting edge research like ADCS, SCCM and many other security topics. SpecterOps provides advanced level training courses in the red and blue team domain taught by their experts in the field.

SpecterOps Adversary Tactics: Red Team Operations (RTO)

The Red Team operations is a live in-person 4-day training course taught by multiple SpecterOps instructors. This course is heavily hands-on focused as you get access to a custom lab where you can apply the Red Team Tactics and Techniques that are being taught in the course, while you are actively being hunted by a live Blue Team. In my opinion, this is one of the best courses teaching you Red Team techniques while also giving you important OPSEC knowledge. The course does not offer any certification or exam. However, you do receive a certificate of completion and a special course coin.

Cost

Training live or virtual costs $4.500* (excl. VAT) However, they usually offer early bird pricing and returning student discounts (25%). They also offer private training.

*The cost is based on the ticket price for their live training during SOCON 2026

SpecterOps Adversary Tactics: Identity-driven Offensive Tradecraft (IDOT)

The IDOT course is considered the follow up course on the RTO. The course offers an in-depth look on identity-driven attacks, targeting both on-premises and hybrid identities. The course adopts the Clean Source Principle and explains it very well with attacks on Kerberos, NTLM, ADCS, SCCM, Entra and even external identity providers. If you want to improve your offensive skills to the next level, this is a must have course!

Cost

Training live or virtual costs $4.500* (excl. VAT) However, they usually offer early bird pricing and returning student discounts (25%). They also offer private training.

*The cost is based on the ticket price for their live training during SOCON 2026

SANS

SEC565: Red team Operations and Adversary Emulation (GRPT)

Develop and improve Red Team operations for security controls in SEC565 through adversary emulation, cyber threat intelligence, Red Team tradecraft, and engagement planning. Learn how to execute consistent and repeatable Red Team engagements that are focused on the effectiveness of the people, processes, and technology used to defend environments.

Cost

The in-person training costs €8.230 + €905 for the On-Demand bundle. (or $8.780 + $999) Totaling €9.135 (or $9.779) (excl. VAT).

The On-Demand bundle grants 4 months access and costs $8.780 (excl. VAT)

The exam costs $999 (excl. VAT).

SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control

Students engage in intensive hands-on lab experiences, creating custom-compiled programs that navigate contemporary defenses. Hands-on exercises introduce techniques employed by sophisticated threat actors, strengthening students’ expertise in leveraging Windows APIs, process injection, and persistence mechanisms. Through strategic application of C++ programming, analysts develop the capacity to craft tailored implants, manipulate shellcode, and establish covert command channels—skills that fundamentally elevate organizational security posture.

Cost

The in-person training costs €8.230 + €905 for the On-Demand bundle. (or $8.780 + $999) Totaling €9.135 (or $9.779) (excl. VAT).

The On-Demand bundle grants 4 months access and costs $8.780 (excl. VAT)

Synacktiv

Synacktiv is a Cyber security company founded by 2 IT security experts from France. It has grown to be one of the established names in the cyber security industry. They only recently added Live/Virtual training’s to their portfolio of services. Their training’s are delivered on-site in their Paris office, but only in French. However, the online sessions are taught in English. You can find their training schedule on their training page.

Active Directory Intrusion Tactics: Entry Level

During this five-day training, you will learn the skills necessary to perform an in-depth Active Directory penetration test. By following the five course modules, students will learn the methodology and techniques used by synacktiv’ experts during an intrusion, from anonymous access to the complete compromise of the environment and the persistence of access within it. To illustrate new concepts, learners will be guided through two comprehensive corporate environments. This training is offered in English (online) and in French (on-site).

Cost

€4.500 (excl. VAT) for In-Person or Virtual training of 5 days

Active Directory Intrusion Tactics: Advanced Level

During this five-day training, you will deepen your intrusion skills in an Active Directory environment. Guided by our experts, study advanced techniques of reconnaissance, lateral movements, elevation of privileges, extraction of secrets and persistence. To illustrate new concepts, the learners will be put in situation on two complete company environments derived from real-world scenarios.

Cost

€4.500 (excl. VAT) for In-Person or Virtual training of 5 days

Overview

Training NameCertification NameVendorTraining FormatCertificationLevelCost (excl. VAT)infoLink
Certified Red Team ProfessionalCertified Red Team Professional (CRTP)Altered SecurityLifetime access course, Videos, LabsNon-proctored exam, 24 hours, Hands-on lab + reportEntry-level$249 - $499Cost depends on lab time, includes 1 exam attemptCourse Link
Certified Red Team ExpertCertified Red Team Expert (CRTE)Altered SecurityLifetime access course, Videos, LabsNon-proctored exam, 48 hours, Hands-on lab + reportIntermediate$299 - $699Cost depends on lab time, includes 1 exam attemptCourse Link
Certified Red Team MasterCertified Red Team Master (CRTM)Altered SecurityLifetime access course, Videos, LabsNon-proctored exam, 48 hours, Hands-on lab + reportExpert$399 - $749Cost depends on lab time, includes 1 exam attemptCourse Link
Certified Evasion Techniques ProfessionalCertified Evasion Techniques Professional (CETP)Altered SecurityLifetime access course, Videos, LabsNon-proctored exam, 48 hours, Hands-on lab + reportExpert$399 - $749Cost depends on lab time, includes 1 exam attemptCourse Link
Red Team OpsCertified Red Team Operator (CRTO)Zero-Point SecurityLifetime access course, On-Demand LabsNon-proctored exam, 48 hours (spread over 4 days), Hands-on LabIntermediate£399Lifetime access, unlimited exam attemptsCourse Link
Red Team Ops IICertified Red Team Lead (CRTL)Zero-Point SecurityLifetime access course, On-Demand LabsNon-proctored exam, 72 hours (spread over 5 days), Hands-on LabIntermediate / Expert£399Course is currently undergoing rework!, normally includes: Lifetime access, unlimited exam attemptsCourse Link (old course link)
PEN-300: Advanced Evasion Techniques and Breaching DefensesOffSec Experienced Penetration Tester (OSEP)OffSecOn-Demand course, Videos, LabsProctored exam, 48 hours (+24 hours), Hands-on lab + reportExpert$1.7493 month lab access 1 exam attemptCourse Link
HTB ProLabsMultipleHack The BoxOn-Demand LabsNoEntry-level - Expert€440Annual subscription, each ProLab offers a certificate of completionLabs Link
Active Directory Penetration Tester Job-Role PathHTB Certified Active Directory Pentesting Expert (HTB CAPE)Hack The BoxOn-Demand course, LabsNon-proctored exam, 10 days, Hands-on lab + reportIntermediate / Expert€1.055Annual subscription, 1 exam attempt + retake, 100% course completion requiredCourse Link
Advance Red Team OperationsAdvance Red Team Operations Certification (ARTOC)White Knight LabsOn-Demand course, Live virtualHands-on lab (no info)Intermediate$700 or $1.200Lifetime access, 1 exam attempt, excluding Lab costsCourse Link
Offensive Development PractitionerOffensive Development Practitioner Certification (ODPC)White Knight LabsOn-Demand course, Live virtualHands-on lab (no info)Intermediate$700 or $1.200Lifetime access, 1 exam attempt, excluding Lab costsCourse Link
Adversary Tactics: Red Team OperatorXSpecterOpsLive in-person/virtualNoIntermediate$4.5004 day in-person or virtual course, SOCON 2026 priceCourse Link
Adversary Tactics: Identity Driven Offensive TradecraftXSpecterOpsLive in-person/virtualNoExpert$4.5004 day in-person or virtual course, SOCON 2026 priceCourse Link
SEC565: Red Team Operations and Adversary Emulation™GIAC Red Team Professional (GRTP)SANSLive in-person/virtualProctored exam, 2 hours, Multiple-choiceExpert€9.135 or $9.779 + $999 (exam)6 day in-person or virtual training + 4 Months On-Demand bundleCourse Link Certification Link
SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and ControlXSANSLive in-person/virtualNoExpert€9.135 or $9.7796 day in-person or virtual training + 4 Months On-Demand bundleCourse Link
Active Directory Intrusion Tactics: Entry LevelXSynacktivLive in-person/virtualNoIntermediate€4.5005 day in-person (French) or virtual course (English)Course Link
Active Directory Intrusion Tactics: Advanced LevelXSynacktivLive in-person/virtualNoExpert€4.5005 day in-person (French) or virtual course (English)Course Link

Blue Team

While this blog post series focuses on offensive trainings I am convinced that it is necessary to include blue team content as it is very important to understand both sides of the playing field as an attacker as well as a defender. This section covers defensive operations, identifying, detecting, responding to, and recovering from cyber-attacks. The trainings included will help you strengthen your skills as a attacker to better understand how the defensive side works.

OffSec

OffSec’s Threat Hunting Certification (OSTH)

OffSec’s Foundational Threat Hunting (TH-200) equips cybersecurity professionals with the practical skills and knowledge needed to effectively detect and respond to threats. This course covers core threat hunting concepts, exploring the methodologies used by enterprises to track and mitigate adversaries.

Cost

The course is available in different pricing:

  • Standalone course: including 1 exam attempt, including 90 days lab access ($1.749) (excl. VAT)
  • Learn One annual subscription: including fundamental courses, KLCP and OSWP ($2.749) (excl. VAT)
  • Learn Unlimited annual subscription: including access to all of OffSec courses and unlimited exam attempts ($6.099) (excl. VAT)

OffSec Defense Analyst (OSDA)

The Security Operations and Defensive Analysis (SOC-200) course delves into the foundations of defending networks and systems against cyber threats. Learners gain practical experience within a hands-on, self-paced environment designed to teach the fundamental concepts of SOC operations.

Cost

The course is available in different pricing:

  • Standalone course: including 1 exam attempt, including 90 days lab access ($1.749) (excl. VAT)
  • Learn One annual subscription: including fundamental courses, KLCP and OSWP ($2.749) (excl. VAT)
  • Learn Unlimited annual subscription: including access to all of OffSec courses and unlimited exam attempts ($6.099) (excl. VAT)

OffSec Certified Incident Responder (OSIR)

OffSec’s Foundational Incident Response (IR-200) course provides cybersecurity professionals with practical training to prepare for, identify, and handle security incidents effectively. The course focuses on core incident response concepts and explores how organizations manage and mitigate cyber threats in real-world situations.

Cost

The course is available in different pricing:

  • Standalone course: including 1 exam attempt, including 90 days lab access ($1.749) (excl. VAT)
  • Learn One annual subscription: including fundamental courses, KLCP and OSWP ($2.749) (excl. VAT)
  • Learn Unlimited annual subscription: including access to all of OffSec courses and unlimited exam attempts ($6.099) (excl. VAT)

Hack The Box

HTB Sherlocks

HTB Sherlocks serve as defensive investigatory scenarios designed to provide hands-on practice in replicating real-life cases. Players engage in a captivating narrative of a fictional scenario, tackling various obstacles to sharpen their defensive abilities. Sherlocks are intricately woven into a dynamic simulated corporate setting, elevating the overall learning journey.

HTB recently acquired the LetsDefend platform. This will result in more content available on the platform.

Cost

HTB Sherlocks are part of the HTB Labs and have multiple pricing options:

  • Free: Only access to active machines.
  • VIP+ costs €21/month or €190/year (excl. VAT). This gives access to the whole content library and personal machine instances.

HTB Certified Defensive Security Analyst

is a highly hands-on certification that assesses the candidates’ security analysis, SOC operations, and incident handling skills. HTB Certified Defensive Security Analyst (HTB CDSA) certification holders will possess technical competency in the security analysis, SOC operations, and incident handling domains at an intermediate level.

Cost

To access the CDSA course only the silver subscription is required. This costs €410 (excl. VAT) for 1 year, including 1 exam voucher + 1 free retake.

Security Blue Team

Blue Team Labs Online

A gamified platform for defenders to practice your skills in security investigations and challenges covering; Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting.

Cost

The platform has 2 tiers:

  • Free Tier: access to all security challenges
  • Paid Tier: £15/Month* (excl. VAT) with access to 221 unique investigation labs

* They offer bulk discounts e.g. £144/year (20% off)

Blue Team Level 1 (BTL1)

BTL1 is designed to train technical defenders that are capable of defending networks and responding to cyber incidents. The skills and tools you’ll learn in this course will be directly applicable to a range of security roles, and are actively used by defenders around the world.

Cost

£399 (excl. VAT) for 4 months of On-Demand training material access + certification attempt

Blue Team Level 2 (BTL2)

Advanced Security Operations training and certification which covers Malware Analysis, Threat Hunting, Vulnerability Management, and Advanced SIEM and Emulation.

Cost

£1.999 (excl. VAT) for 5 months of On-Demand training material access + certification attempt

CyberDefenders

CyberDefenders provides a specialized training platform focused on blue team skills for SOC analysts, threat hunters, DFIR professionals, and security teams. Their offerings include hands-on cyber-range labs, guided courses, and a certification path.

Certified CyberDefender (CCD)

CCD is a hands-on, self-paced SOC Analyst certification covering perimeter defense, threat hunting, DFIR, and malware analysis.

Cost

The course costs $800 (excl. VAT). This includes:

  • 1 year course access
  • 4 month lab access
  • 2 exam attempts (which expire after 1 year)

FalconForce

Advanced Detection Engineering in the Enterprise

The instructor-led training focuses on the entire detection engineering cycle. Guiding participants in defining a scope, researching the relevant (sub-)techniques, building the detection analytic, investigating which logs can be utilized, and validating the resilience of the analytic against evasion.

Cost

The 4-day In-Person course costs $5,500* (excl. VAT)

* cost is based on Blackhat 2025 training price

SpecterOps

SpecterOps Adversary Tactics: Tradecraft Analysis

This course teaches the importance of understanding the inner workings of adversarial techniques and telemetry availability and provide a workflow for developing robust detection analytics or data driven evasion decisions. Focusing on various Windows components and adversary tactics, techniques, and procedures (TTPs), you will dive deep into how software abstracts underlying capabilities and how attackers can interact with deeper layers to bypass superficial detection capabilities.

Cost

Training live or virtual costs $4500* (excl. VAT) However, they offer early bird pricing and returning student discounts. They also offer private training.

*The cost is based on the ticket price for their live training during SOCON 2026

SpecterOps Adversary Tactics: Detection

This course provides you the understanding and ability to build robust detections, starting with the “Why?” and going all the way to the technical implementation of detecting threat actor activity. You will learn how to apply advanced detection and response methodologies and technical approaches practiced, regardless of the security toolsets deployed in your organization.

Cost

Training live or virtual costs $4500* (excl. VAT) However, they offer early bird pricing and returning student discounts. They also offer private training.

*The cost is based on the ticket price for their live training during SOCON 2026

Threathunting Academy

A Belgian training provider that focuses on delivering live training on defensive security topics with insights from the offensive side. They deliver practical instructed in-person training sessions. The team consists of Luk and Pieter-Jan, who have numerous years of experience in the industry and a portfolio of cyber certifications in their name.

Threathunting Academy: Evasion

This training is a practical training program that combines offensive and defensive cybersecurity techniques to teach advanced evasion methods. Through hands-on labs, participants will learn how adversaries operate and how to counter their tactics effectively.

Cost

The in-person training costs €2.500 (excl. VAT)

DXC

Operational Purple Teaming for Defenders

This hands-on training connects red and blue in a series of live attack-defense exercises and demos. The group of participants will work as one team against a simulated threat actor, APT 0x00, with full disclosure of the attacker’s progress and technical insights on the executed techniques. The adversary’s capability and stealth will steadily improve over the course of the training. This training is frequently taught at various security conferences such as Brucon and Black Hat.

Cost

The training cost for a 3-day training is €1.892* (excl. VAT).

* BRUCON 2026 pricing

SANS

SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defences (GDAT)

Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses will arm you with the knowledge and expertise you need to overcome today’s threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls aimed at stopping, detecting, and responding to your adversaries through a purple team strategy.

Cost

The in-person training costs €8.230 + €905 for the On-Demand bundle. (or $8.780 + $999) Totaling €9.135 (or $9.779) (excl. VAT).

The On-Demand bundle grants 4 months access and costs $8.780 (excl. VAT).

The exam costs $999 (excl. VAT).

SEC699: Advanced Purple Teaming - Adversary Emulation & Detection engineering

SEC699 is SANS’s advanced purple team offering, with a key focus on adversary emulation for data breach prevention and detection. Throughout this course, students will learn how real-life threat actors can be emulated in a realistic enterprise environment, including multiple AD forests. In true purple fashion, the goal of the course is to educate students on how adversarial techniques can be emulated (manual and automated) and detected (use cases / rules and anomaly-based detection). A natural follow-up to SEC599, this is an advanced SANS course offering, with 60 percent of class time spent in 29 hands-on labs!

Cost

The in-person training costs €8.230 + €905 for the On-Demand bundle. (or $8.780 + $999) Totaling €9.135 (or $9.779) (excl. VAT).

The On-Demand bundle grants 4 months access and costs $8.780 (excl. VAT).

Overview

Training NameCertification NameVendorTraining FormatCertificationLevelCost (excl. VAT)InfoLink
TH-200: Foundational Threat HuntingOffSec’s Threat Hunting certification (OSTH)OffSecOn-Demand, LabsProctored exam, 8 + 24 hours, Exercises + reportEntry-Level$1.7493 Month lab access 1 exam attemptCourse Link
SOC-200: Foundational Security Operations and Defensive AnalysisOffSec Defense Analyst (OSDA)OffSecOn-Demand, LabsProctored exam, 24 + 24 hours, Hands-on Labs + reportEntry-Level - Intermediate$1.7493 Month lab access 1 exam attemptCourse Link
IR-200: Foundational Incident ResponseOffSec Certified Incident Responder (OSIR)OffSecOn-Demand, LabsProctored exam, 8 + 24 hours, Exercises + reportEntry-Level$1.7493 Month lab access 1 exam attemptCourse Link
Hack The Box SherlocksXHack The BoxOn-Demand, LabsNoEntry-Level - ExpertFree or €21/monthVIP+: Annual subscriptionLabs Link
SOC Analyst Job-Role PathHTB Certified Defensive Security Analyst (HTB CDSA)Hack The BoxOn-Demand, LabsNon-Proctored exam, 7 days, Hands-on Labs + reportEntry-Level - Intermediate€410Annual subscription, 1 exam attempt + retake, 100% course completion requiredCourse Link
Blue Team Labs OnlineXSecurity Blue TeamOn-Demand, LabsNoEntry-Level - ExpertFree or £15/MonthMonthly subscriptionLabs Link
Blue Team Level 1Blue Team Level 1 (BTL1)Security Blue TeamOn-DemandNon-proctored exam, 24 hours, Multiple-choice, LabsIntermediate£3994 Month access, 1 exam attempt + retakeCourse Link
Advanced Security Operations trainingBlue Team Level 2 (BTL2)Security Blue TeamOn-Demand, LabsProctored exam, 72 hours, Hands-on Labs + reportExpert£1.9995 Month access, 1 exam attempt + retakeCourse Link
SOC Analyst Tier 1Certified CyberDefender (CCD)CyderDefendersOn-Demand, LabsNon-proctored exam, 48 hours, Hands-on LabsIntermediate$8004 Month access, 1 exam attempt + retakeCourse Link
Advanced Detection Engineering in the EnterpriseXFalconForceLive in-person/virtualNoExpert$5.5004 day in-person or virtual training, BlackHat 2025 pricingCourse Link
Adversary Tactics: DetectionXSpecterOpsLive in-person/virtualNoIntermediate$4.5004 day in-person or virtual training, SOCON 2026 PricingCourse Link
Adversary Tactics: Tradecraft AnalysisXSpecterOpsLive in-person/virtualNoExpert$4.5004 day in-person or virtual training, SOCON 2026 PricingCourse Link
Threathunter Academy: EvasionXThreathunterAcademyLive in-person/virtualNoExpert€2.5002 day in-person or virtual trainingCourse Link
Operational Purple Teaming for DefendersXDXCLive in-person/virtualNoIntermediate€1.8923 day in-person or virtual training, BRUCON 2026 pricingCourse Link
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses™GDAT: GIAC Defending Advanced ThreatsSANSLive in-person/virtualProctored exam, 2 hours, Multiple-choiceExpert€9.135 or $9.779 + $999 (exam)6 day in-person or virtual training + 4 Months On-Demand bundleCourse Link Certification Link
SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering™XSANSLive in-person/virtualNoExpert€9.135 or $9.7795 day in-person or virtual training + 4 Months On-Demand bundleCourse Link

Footnote

The trainings listed here are based on publicly available information as of October 2025, and prices or details may change over time.

If you know of other red team and blue team trainings that deserve a mention, feel free to reach out. I’d love to include them in future updates or upcoming parts of the series.

Additional Resources