Adversary Simulation and Red Team Tactics

This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight in to planning and conducting a red team operation including all the steps required to perform efficient opensource intelligence, design and automate the deployment of operational infrastructure, gain initial access and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting that will leave you equipped to target even the most mature environments.
The course syllabus is as follows:
1 - Introduction to Red Team Operations

Introduction
Operation Structure
Operation Methodology
Course logistics

2 – Reconnaissance

Passive Reconnaissance
Active Reconnaissance

3 - Infrastructure Design and Automation

Infrastructure Design Concepts
Redirectors
Domains, Reputation and Categorisation
Domain Fronting
Automation
Cobalt Strike and Malleable Profiles

4 - Initial Access Techniques

Execution Cradles
Office VBA and Excel4.0 Macros
OLE
ClickOnce
Windows Script Host
HTML Applications
Shortcut Files

5 - Defensive Evasion

Creating Advanced Payloads
AMSI
VBA Stomping
HTML Smuggling
Keying
Application Whitelisting
Parent Process Spoofing
Argument Confusion
Decoupling Execution

6 - Host Triage

Identifying Defensive Solutions
Situational Awareness
User Profiling
Web Browsers
Password Managers

7 – Persistence

User-land Persistence
Office Persistence
COM Hijacking
Junction Folders
Administrative Persistence
WMI Event Subscription

8 - Privilege Escalation

Insecure Windows Services
Privilege Escalation Through the OS
UAC

9 - Pivoting and Lateral Movement

Validating Privilege
Peer to Peer C2
PSExec
WMI
DCOM
WinRM
Pivoting

10 - Exploiting Active Directory

AD Recon and Enumeration
Group Policy
Kerberoasting
AS-REP
Access Control Attacks
Constrained and Unconstrained Delegation
Microsoft LAPS
Exploiting SQL
Credential Recovery

Learning ObjectivesRed teams are continually sharpening their tradecraft to evade ever evolving defensive countermeasures. This challenging 3-day training course provides in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators.
During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We will cover the full life cycle of a red team operation from reconnaissance, efficient infrastructure deployment, techniques for gaining initial access, performing post-exploitation, establishing persistence and moving laterally.
The training course is heavily focused on the use and extension of Cobalt Strike; during the course students will have access to the licensed copy of the implant and will learn how to extend it using features such as the resource kit.
Following the training students will be equipped to:

Perform in-depth opensource intelligence gathering,
Automate efficient infrastructure deployment,
Build sophisticated payloads for gaining initial access,
Evade security controls such as anti-virus, AMSI and application whitelisting,
Perform post-exploitation tasks such as host and network reconnaissance,
Pivot to n-tiered networks using SOCKS,
Establish persistence,
Perform Active Directory attacks such as kerberoasting, ASREP, abuse unconstrained delegation and exploit insecure ACLs,
Move laterally across a Windows estate.

Student Requirements:
Students will require a laptop with administrator rights and WiFi. Each student will receive their own dedicated lab environment for the course which can be accessed using a web browser.
Target Audience:
This course is aimed at experienced penetration testers looking to gain entry in to the red team world, as well as seasoned red teamers looking to advance or sharpen their tradecraft.
What's Included:

Three days training
Beverages and snacks during breaks
Daily lunch

Accommodation:
The training will take place at MDSec's office, located at 32a Park Green, Macclesfield, Cheshire. Several hotels are located in local proximity, including:

www.travelodge.co.uk/hotels/412/Macclesfield-Central-hotel
www.tripadvisor.co.uk/Hotel_Review-g191278-d14199208-Reviews-Sleep_Eat_Repeat-Macclesfield_Cheshire_England.html

What Our Students Say:
"Upgrade your arsenal, step up the game" - Tiago Sintra
"If you don't know where to start, this is the place." - Anonymous
"A wealth of useful red team information based on experience, provided by top class industry experts. I highly recommend this course." - Charlie Clark
"Fantastic course. Up to date, relevant and delivered in an easy to understand fashion. Excellent value and extremely informative" - Ian Lyte
"Zero to Hero?  Not quite.  But it's a great opener to understanding  RedTeam principles and feels like the missing course for getting started with Cobalt Strike." - Adam
"The training was amazing, and I would highly recommend it to anyone wanting to work in the red team field, and those already working in the field" - Anonymous
"A great learning experience,  lots of technical skills learnt and some great tips on mindset for approaching RT engagements." - Anonymous
"An essential follow up to an OSCP to adapt your knowledge to a red-team role" - Jamie Grive
FAQs
How can I contact the organizer with any questions?
For further information or to pose any questions please contact MDSec on contact@mdsec.co.uk
Tickets can also be purchased directly with an invoice by contacting MDSec directly.
What's the refund policy?
Full refunds will be provided up to 7 days before the course start date
PLEASE NOTE, MINIMUM COURSE NUMBERS APPLY - A FULL REFUND WILL BE PROVIDED IN THE EVENT THAT THE COURSE DOES NOT PROCEED
 

Join Tech Manchester

Register