Contact Us

Course Summary – 2 Day Offering

During red team operations, operators often find themselves in situations with no obvious path to escalate and break out of the beachhead - target systems are patched, automated tooling doesn't detect abusable misconfigurations, exploitation frameworks fall flat, and the common manual analysis techniques are exhausted. In these situations, an operator's ability to rapidly find and triage previously undisclosed vulnerabilities can mean the difference between achieving objectives and providing an effective red team engagement or remaining stuck on that beachhead and backtracking in pursuit of other avenues.

In Adversary Tactics: Vulnerability Research for Operators, you will learn an operator-focused approach to find the vulnerabilities needed to escalate privileges, execute arbitrary code, or facilitate lateral movement in Windows environments. We will give you the methodology and identify tools to find these weaknesses during active operations, when costly lead time and dedicated lab environments are unavailable. This course covers the vulnerability classes that SpecterOps routinely finds on engagements and dives into their root causes, identification techniques, and exploitation methods. Finally, you will learn to make each vulnerability operational with hands-on exercises designed for various experience levels (from beginner to advanced). You don't need to be an exploitation wizard to achieve success as a red team operator, but you will find the ability to quickly triage and operationalize concepts presented will increase your effectiveness when operating in mature environments.

Day 1
  • Introduction to Vulnerability Research
  • Tools of the Trade
  • Windows Access Control List (ACL) Abuses
  • .NET Vulnerabilities
Day 2
  • Interprocess Communication (IPC)
  • File & Protocol Handlers
  • File System Bugs
  • Driver-Based Vulnerabilities
  • Vulnerability Disclosure

Private Onsite Training

If a public offering of the training classes does not fit your busy schedule, our team of experts are available to provide a private training offering to your organization. This is by far the best way for your team to get one on one access to the instructors and solidify the material. We provide all training material as well as laptops and classroom locations if needed.

Ready To Get Started?