introduction
Learn to Be Your Organization’s Own Worst Enemy
Organizations rely on red team operations to exercise their defensive capabilities and continually hone and strengthen its security posture. As defenses evolve, however, it can be tough for red teams to stay ahead and provide that much-needed adversary for blue teams to practice against. What’s a red teamer to do? How can one keep up with the near-daily changing industry? Adversary Tactics: Red Team Operations helps close that gap for red teamers, providing practical tradecraft for operators to use on their next test and guidance for how to maintain that edge over time.
course summary
Red Team Operations
Upgrade your red team tradecraft with cutting-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist to simulate advanced adversaries. Participants will use the skillsets taught in this course to go up against incident response in a complex lab environment designed to mimic an enterprise network. You’ll learn to adapt and overcome active response operations through collaborative feedback as the course progresses.
Day 1
- Introduction & Course Overview
- Lab and course range infrastructure
- Red Team Operations
- Attack Infrastructure
- Host Situational Awareness
- PowerShell Weaponization
- Privilege Escalation
Day 2
- An Introduction to Hunting
- Credential Abuse
- AD Situational Awareness
- Payload Methodology
- Pivoting and Lateral Movement
- SQL Abuse
Day 3
- OPSEC Considerations
- Domain Trusts
- Kerberos
- Golden Tickets
- Silver Tickets and Forged Ticket Detection
Day 4
- Visualizing Attack Paths with BloodHound
- DPAPI
- Kerberos Delegation Abuse
- CTF and capstone conclusion
- Lab Debrief
- Defensive Debrief
Overview
Adversary Tactics: Red Team Operations immerses participants in a single simulated enterprise environment, with multiple networks, hardened endpoints, modern defenses, and active network defenders responding to red team activities. We will focus on in-depth attacker tradecraft for post-initial access; breaking out of the beachhead, establishing resilient command and control (C2) infrastructure, gaining situational awareness through OPSEC-aware host and network enumerations, performing advanced lateral movement and sophisticated Active Directory escalation, gaining persistence (userland, elevated, and domain flavors), and performing advanced Kerberos attacks, data mining, and exfiltration. All while focusing on the importance of “offense-in-depth,” the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques.
Come learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of PowerView, PowerShell Empire, Covenant, Mythic, Rubeus, GhostPack, and BloodHound.
Training Participants
Who Should Take This Course
This course is not intended for beginners and includes a team-based, on-keyboard execution of a simulated red team engagement in a complex network scenario.