SO-CON 2021
Contact Us

Course Summary – 4 Day Offering

As organizations work to keep from becoming the next breach headline, they increasingly look to exercise their defenses through simulation of the sophisticated attackers they face. Organizations that have adopted an “assume breach” mentality understand it's a matter of when - not if - they will be compromised by these adversaries. The best way to test enterprise security operations against advanced threat actors is through application of the adversary mindset - commonly known as red teaming - through exercises that leverage the same tactics, techniques and procedures (TTPs) as real adversaries. If you’re looking to learn the tradecraft of adversary simulation operations in enterprise environments, sharpen your offensive technical skillset, and understand how to detect modern offensive tradecraft, this is the course for you.

This intense course immerses students in a single simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to malicious activities. In keeping with the assumed breach mentality, the course provides detailed attacker tradecraft post initial access, which includes; performing host situational awareness and "safety checks", establishing resilient command and control (C2) infrastructure, escalation privileges locally, breaking out of the beachhead, performing advanced lateral movement, escalating in Active Directory, performing advanced Kerberos attacks, and achieving red team objectives via data mining and exfiltration.

The course focuses on “offense-in-depth”, the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques. To drive this concept home, students will go up against live incident responders that actively hunt for and block malicious activity in the environment. The responders will provide real-time feedback and a daily summary to students to demonstrate what artifacts attacks can leave behind, and how students can adapt their tradecraft to minimize their footprint.

Learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of Mythic, PowerView, PowerShell Empire, Unmanaged Powershell, Covenant, Merlin, Rubeus, GhostPack, and BloodHound!

Day 1
  • Introduction & Course Overview
  • Red Team Operations Overview
  • Attack Infrastructure
  • Lab Introduction
  • Host Situational Awareness
  • C#\PowerShell Weaponization
  • Local Privilege Escalation
Day 2
  • Defensive Debrief of Day 1 Student Tradecraft
  • An Introduction to Adversary Detection
  • Credential Abuse
  • Active Directory Situational Awareness
  • Payload Methodology
  • Lateral Movement
  • SQL Abuse
Day 3
  • Defensive Debrief of Day 2 Student Tradecraft
  • OPSEC Considerations
  • Active Directory Domain Trusts
  • Kerberos Overview
  • Kerberos Attacks (Golden Tickets, Silver Tickets, and Forged Ticket Detection)
Day 4
  • Defensive Debrief of Day 3 Student Tradecraft
  • BloodHound - Visualizing Attack Paths
  • Data Protection API (DPAPI)
  • Advanced Kerberos Attacks
  • Complete Lab Debrief
  • Final Defensive Debrief and Evaluation of Student Tradecraft

Private Onsite Training

If a public offering of the training classes does not fit your busy schedule, our team of experts are available to provide a private training offering to your organization. This is by far the best way for your team to get one on one access to the instructors and solidify the material. We provide all training material as well as laptops and classroom locations if needed.

Ready To Get Started?