Adversary Simulation and Red Team Tactics
This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence gathering, design and automate the deployment of operational infrastructure, gain initial access, and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.
The course syllabus is as follows:
1 - Introduction to Red Team Operations
2 - Reconnaissance
3 - Infrastructure Design and Automation
Infrastructure Design Concepts
Domains, Reputation and Categorisation
Cobalt Strike and Malleable Profiles
4 - Initial Access Techniques
Office VBA and Excel4.0 Macros
Windows Script Host
5 - Defensive Evasion
Creating Advanced Payloads
Parent Process Spoofing
6 - Host Triage
Identifying Defensive Solutions
7 - Persistence
WMI Event Subscription
8 - Privilege Escalation
Insecure Windows Services
Privilege Escalation Through the OS
9 - Pivoting and Lateral Movement
Peer to Peer C2
10 - Exploiting Active Directory
AD Recon and Enumeration
Access Control Attacks
Constrained and Unconstrained Delegation
Learning Objectives
Red teams are continually sharpening their tradecraft to evade ever-evolving defensive countermeasures. This challenging 3-day training course provides an in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators.
During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We will cover the full life cycle of a red team operation from reconnaissance, efficient infrastructure deployment, techniques for gaining initial access, performing post-exploitation, establishing persistence and moving laterally.
The training course is heavily focused on the use and extension of Cobalt Strike; during the course students will have access to the licensed copy of the implant and will learn how to extend it using features such as the resource kit.
Following the training, students will be equipped to:
Perform in-depth open-source intelligence gathering,
Automate efficient infrastructure deployment,
Build sophisticated payloads for gaining initial access,
Evade security controls such as anti-virus, AMSI and application whitelisting,
Perform post-exploitation tasks such as host and network reconnaissance,
Pivot to n-tiered networks using SOCKS,
Perform Active Directory attacks such as kerberoasting and ASREP, abuse unconstrained delegation and exploit insecure ACLs,
Move laterally across a Windows estate.
Students will require a laptop with administrator rights and WiFi. Each student will receive their own dedicated lab environment for the course which can be accessed using a web browser.
This course is aimed at experienced penetration testers looking to gain entry into the red team world, as well as seasoned red teamers looking to advance or sharpen their tradecraft.
Three days training
Beverages and snacks during breaks
The training will take place at MDSec's office, located at 32a Park Green, Macclesfield, Cheshire. Several hotels are located in local proximity, including:
What Our Students Say:
"Upgrade your arsenal, step up the game" - Tiago Sintra
"If you don't know where to start, this is the place." - Anonymous
"A wealth of useful red team information based on experience, provided by top class industry experts. I highly recommend this course." - Charlie Clark
"Fantastic course. Up to date, relevant and delivered in an easy to understand fashion. Excellent value and extremely informative" - Ian Lyte
"Zero to Hero? Not quite. But it's a great opener to understanding RedTeam principles and feels like the missing course for getting started with Cobalt Strike." - Adam
"The training was amazing, and I would highly recommend it to anyone wanting to work in the red team field, and those already working in the field" - Anonymous
"A great learning experience, lots of technical skills learnt and some great tips on mindset for approaching RT engagements." - Anonymous
"An essential follow up to an OSCP to adapt your knowledge to a red-team role" - Jamie Grive
How can I contact the organizer with any questions?
For further information or to pose any questions please contact MDSec on firstname.lastname@example.org
Tickets can also be purchased directly with an invoice by contacting MDSec directly.
What's the refund policy?
Full refunds will be provided up to 7 days before the course start date.
PLEASE NOTE, MINIMUM COURSE NUMBERS APPLY - A FULL REFUND WILL BE PROVIDED IN THE EVENT THAT THE COURSE DOES NOT PROCEED