This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.
Red teams are continually sharpening their tradecraft to evade ever-evolving defensive countermeasures. This challenging 4-day training course provides an in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators from the comfort of your own cloud-based lab environment, in the browser! This course is not just about learning how to run tools; students will learn how the tools work under the hood as well as how to develop and customise their own, an essential skill for any red teamer.
Our advanced and fast-paced course provides attendees with all the necessary skills to conduct a simulation of a sophisticated adversary. We deep dive into the latest tradecraft and offensive techniques required to target mature environments with modern defences, up-to-date operating systems and finely-honed blue teams. You will learn how to write your own advanced initial access payloads, equipped with strategies to bypass modern EDP/EDR solutions including PPID spoofing, argument confusion, blocking of third-party DLLs, AMSI bypasses and how to remove userland hooks.
During this training, you will be equipped with the necessary knowledge provided by recognised industry red team experts to plan, manage and perform an advanced red team operation.
These steps include the essential knowledge to perform efficient and targeted open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access to a target using sophisticated payloads with defensive evasion techniques, perform host triage, persistence and privilege escalation, and move laterally whilst exploiting common Active Directory misconfigurations.
At the end of the training, students will walk away equipped to target even the most mature environments and brimming with knowledge about the indicators they didn’t know their tools were emitting, but the blue team did!
Topics covered during the training include:
Day 1:
Day 2:
Day 3:
The course follows a theory, demonstration, lab and review model. The theory behind each topic is first outlined, including instructor-driven on-screen demonstrations to show the internals of the techniques. Students are then given the freedom to implement the techniques in their lab using their own C2 channel as if it were a real red team operation. A full lab guide walkthrough is also provided to keep everyone on track. Finally, the lab solutions are reviewed with Q&A to ensure full knowledge transfer takes place. Each module lasts approximately one hour thirty minutes, with around one hour of lab time.
Day 4:
About the Lab:
The course lab simulates an end-to-end sophisticated cyber-attack against the Iron Bank of Braavos. Before kicking off the lab, you will review the threat intelligence report (courtesy of MITRE) on the adversary we intend to simulate: the Cobalt Group. After absorbing the TTPs used by this group, you will kick off the lab journey by performing reconnaissance against the bank to identify potential entry points. You will then proceed to deploy your red team infrastructure and conduct a spear phishing campaign using advanced initial access techniques to obtain a foothold on the bank’s internal network. You will then learn to escalate privileges, move laterally and exploit Active Directory weaknesses to achieve your “beyond domain admin” objectives. Our lab uses the latest Windows operating systems, with anti-virus, AMSI and custom EDP solutions; if you think your PowerShell one-liner macros will cut it, think again!
Each student receives access to their own dedicated multi-tiered Active Directory environment hosted in the cloud. The lab is accessed through the web browser, providing full interactive use through a Kali image with Cobalt Strike.
Learning Objectives:
Red teams are continually sharpening their tradecraft to evade ever-evolving defensive countermeasures. This challenging 4-day training course provides an in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators.
During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We will cover the full life cycle of a red team operation from reconnaissance, efficient infrastructure deployment, techniques for gaining initial access, performing post-exploitation, establishing persistence and moving laterally.
The training course is heavily focused on the use and extension of Cobalt Strike; during the course students will have access to the licensed copy of the implant and will learn how to extend it using features such as the resource kit.
Following the training students will be equipped to: