This intense course covers the skills required to simulate a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access, and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.
Red teams are continually sharpening their tradecraft to evade ever-evolving defensive countermeasures. This challenging 4-day training course provides an in-depth opportunity to learn the latest advanced tradecraft from seasoned red team operators, from the comfort of your own cloud-based lab environment, in the browser! This course is not just about learning how to run tools: students will learn how the tools work under the hood, as well as how to develop and customise their own, an essential skill for any red teamer.
Our advanced and fast-paced course provides attendees with the skills necessary to simulate a sophisticated adversary. We deep dive into the latest tradecraft and offensive techniques required to target mature environments with modern defences, up-to-date operating systems and finely honed blue teams. You will learn how to write your own advanced initial access payloads, equipped with strategies to bypass modern EDP/EDR solutions, including PPID spoofing, argument confusion, blocking third-party DLLs, AMSI bypasses and removing userland hooks.
During this training, recognised industry red team experts will equip you with the knowledge needed to plan, manage and perform an advanced red team operation.
That includes performing efficient and targeted open-source intelligence, designing and automating the deployment of operational infrastructure, gaining initial access to a target using sophisticated payloads with defensive evasion techniques, performing host triage, persistence and privilege escalation, and moving laterally while exploiting common Active Directory misconfigurations.
At the end of the training, students will walk away equipped to target even the most mature environments, and brimming with knowledge about the indicators they didn't know their tools were emitting, but that the blue team did!
Topics covered during the training include:
The course follows a theory, demonstration, lab and review model. The theory behind each topic is outlined first, including instructor-driven on-screen demonstrations that show the internals of the techniques. Students are then given the freedom to implement the techniques in their lab using their own C2 channel, as if it were a real red team operation. A full lab guide walkthrough is also provided to keep everyone on track. Finally, the lab solutions are reviewed with a Q&A to ensure full knowledge transfer takes place. Each module lasts approximately one and a half hours, with around one hour of lab time.
About the Lab:
The course lab simulates an end-to-end sophisticated cyber-attack against the Iron Bank of Braavos. Before kicking off the lab, you will review the threat intelligence report (courtesy of MITRE) on the adversary we intend to simulate, the Cobalt Group. After absorbing the TTPs used by this group, you will begin the lab journey by performing reconnaissance against the bank to identify potential entry points. You will then deploy your red team infrastructure and conduct a spear-phishing campaign using advanced initial access techniques to obtain a foothold on the bank's internal network. From there you will learn to escalate privileges, move laterally and exploit Active Directory weaknesses to achieve your "beyond domain admin" objectives. Our lab uses the latest Windows operating systems, with anti-virus, AMSI and custom EDP solutions; if you think your PowerShell one-liner macros will cut it, think again!
Each student receives access to their own dedicated multi-tiered Active Directory environment hosted in the cloud. The lab is accessed through the web browser, providing fully interactive use of a Kali image with Cobalt Strike.
During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We cover the full life cycle of a red team operation, from reconnaissance and efficient infrastructure deployment, through techniques for gaining initial access, to performing post-exploitation, establishing persistence and moving laterally.
The training course is heavily focused on the use and extension of Cobalt Strike; during the course students will have access to a licensed copy of the framework and will learn how to extend it using features such as the Resource Kit.
Following the training students will be equipped to: