OTCEP 2025 - Purple Teaming Workshop

This repository contains materials from the Purple Teaming Workshop conducted at OTCEP 2025 by the Attack Simulation Group (ASG).

Contents

📄 OTCEP 2025.pdf

Contains the complete slide deck used during the Purple Teaming Workshop.

📦 OTCEP25.zip

Contains all the practical exercises and hands-on materials conducted during the workshop, including:

• Obfuscate a payload (PowerCat) with a given prompt
• Leveraging AI to converting a PowerShell payload into NodeJS
• Using AI to generate Splunk Search Processing Language (SPL) from Sigma Rules
• Using AI to improve on previously generated SPL query

⚠️ Important Security Notice

Windows Defender Warning: The OTCEP25.zip file contains PowerCat payload that may be flagged as malicious by Windows Defender and other antivirus solutions.

Required Action:

Before extracting or using the contents of OTCEP25.zip, you must whitelist the entire folder where this repository is cloned to prevent Windows Defender from automatically deleting the files.

To whitelist the folder:

1. Open Windows Security (Windows Defender)
2. Go to Virus & threat protection
3. Click on "Manage settings" under Virus & threat protection settings
4. Click on "Add or remove exclusions"
5. Add the full path to this repository folder as an exclusion

Usage

1. Review the slides: Open OTCEP 2025.pdf to understand the workshop concepts and methodology
2. Whitelist the folder: Follow the security notice above before proceeding
3. Extract exercises: Safely extract OTCEP25.zip to access the practical materials
4. Follow workshop guidelines: Use the materials responsibly and only in authorized testing environments

Disclaimer

These materials are intended for educational and authorized security testing purposes only. Users are responsible for ensuring compliance with all applicable laws and organizational policies when using these tools and techniques.

---

Conducted by: Attack Simulation Group (ASG)
Event: OTCEP 2025
Workshop: Purple Teaming Workshop