Learn to Be Your Organization’s Own Worst Enemy
Organizations rely on red team operations to exercise their defensive capabilities and continually hone and strengthen its security posture. As defenses evolve, however, it can be tough for red teams to stay ahead and provide that much-needed adversary for blue teams to practice against. What’s a red teamer to do? How can one keep up with the near-daily changing industry? Adversary Tactics: Red Team Operations helps close that gap for red teamers, providing practical tradecraft for operators to use on their next test and guidance for how to maintain that edge over time.
Red Team Operations
Upgrade your red team tradecraft with cutting-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist to simulate advanced adversaries. Participants will use the skillsets taught in this course to go up against incident response in a complex lab environment designed to mimic an enterprise network. You’ll learn to adapt and overcome active response operations through collaborative feedback as the course progresses.
- Introduction & Course Overview
- Lab and course range infrastructure
- Red Team Operations
- Attack Infrastructure
- Host Situational Awareness
- PowerShell Weaponization
- Privilege Escalation
- An Introduction to Hunting
- Credential Abuse
- AD Situational Awareness
- Payload Methodology
- Pivoting and Lateral Movement
- SQL Abuse
- OPSEC Considerations
- Domain Trusts
- Golden Tickets
- Silver Tickets and Forged Ticket Detection
- Visualizing Attack Paths with BloodHound
- Kerberos Delegation Abuse
- CTF and capstone conclusion
- Lab Debrief
- Defensive Debrief
Adversary Tactics: Red Team Operations immerses participants in a single simulated enterprise environment, with multiple networks, hardened endpoints, modern defenses, and active network defenders responding to red team activities. We will focus on in-depth attacker tradecraft for post-initial access; breaking out of the beachhead, establishing resilient command and control (C2) infrastructure, gaining situational awareness through OPSEC-aware host and network enumerations, performing advanced lateral movement and sophisticated Active Directory escalation, gaining persistence (userland, elevated, and domain flavors), and performing advanced Kerberos attacks, data mining, and exfiltration. All while focusing on the importance of “offense-in-depth,” the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques.
Come learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of PowerView, PowerShell Empire, Covenant, Mythic, Rubeus, GhostPack, and BloodHound.
This course is not intended for beginners and includes a team-based, on-keyboard execution of a simulated red team engagement in a complex network scenario.
Participants should be comfortable with penetration testing concepts and tools, Active Directory, and attacking Microsoft Windows environments.
Participants must provide their own computer with a modern web browser installed to access training materials and complete the course’s labs. The SpecterOps training platform URL (https://specterops.training) must be accessible from the participant’s computer throughout the duration of the course.
There are no local virtual machines or special software required to fully participate in the course or labs.
During the course, participants will be provided access to a comprehensive range to perform course labs and goals.
Upon completion of the course, participants are provided with a copy of course slides, copies of solution guides/videos, and a certificate of completion.
See What Else We Have to Offer
If a public offering of the training classes does not fit your busy schedule, our team of experts are available to provide a private training offering to your organization. This is by far the best way for your team to get one on one access to the instructors and solidify the material. We provide all training material as well as laptops and classroom locations if needed.Private Trainings