
Gloves Off: Hands on Threat Simulation and Detection Engineering with Splunk

SESSION


9:00 am, 10 May 2023

About this session

Participants will each receive a dedicated cloud-hosted lab environment that they will access from their own laptop via a web interface (participant devices will simply require a modern web browser such as Chrome, Safari, Firefox or Edge, using conference Wi-Fi or their own mobile hotspots). This lab will be largely preconfigured and based on the open source tool Splunk attack_range (https://attack-range.readthedocs.io/en/latest/index.html), and will utilise open source tooling from Atomic Red Team (ART) to simulate common techniques from MITRE ATT&CK and perform analysis of the resulting data in Splunk. Participants will be guided step by step through this process and gain an understanding of how to perform attack simulation and analyse the resulting data using open source tooling they can adapt to suit their own purposes. We will also provide a detailed overview and demonstration of the process to configure and build the lab environments, so that participants can use this knowledge in their own time after the workshop (their lab environments will be preconfigured for the sake of time and efficiency). Finally, we will cover techniques to build efficient, high-fidelity detection of threats through alignment with MITRE ATT&CK, using an approach based on the data generated from these attack simulations that can be adapted to other security analytics or SIEM solutions.