Advanced Windows Tradecraft

Presented By: Nikhil Mittal

Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need an advanced tradecraft. Such a tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you.

This training takes you through a tradecraft for Red Teaming a Windows environment with nothing but trusted OS resources and languages. We will cover multiple phases of a Red Team operation like initial foothold, enumeration, privilege escalation, persistence, lateral movement, exfiltration etc. in a fully updated and patched lab with countermeasures enabled.

The 3-day course will take place on the 9th, 10th and 11th of September 2019 at the Novotel London West.
Cost is £1,950 (inc VAT). Buy your place in our shop now.

Learning Objectives

Some of the topics covered in the class:

  • Offensive C#, PowerShell, JScript/VBScript
  • Bypassing Application Whitelisting
  • Bypassing host countermeasures
  • Evading process tree based detection
  • Evading advanced logging (Command line, PowerShell v5, Sysmon etc.)
  • In-memory assembly and shellcode execution
  • Offensive WMI
  • COM hijacking
  • Advanced Client Side Attacks on restricted and secure environments
  • Local and domain privilege escalation

Attendees will get free one month access to a lab configured like an enterprise environment during and after the training.

Course Outline

Day 1:

  • Introduction to the methodology
  • Windows as an attack platform
  • Offensive PowerShell
  • PowerShell without powershell.exe
  • Offensive C#
  • Offensive JScript/VBScript
  • Offensive WMI

Day 2:

  • COM Hijacking
  • Bypassing application whitelisting
  • Bypassing host countermeasures
  • Evading process tree based detection
  • Evading advanced logging (Command line, PowerShell v5, Sysmon etc.)
  • Advanced Client Side Attacks in restricted environments (AWL and ASR enabled)

Day 3:

  • Local and Domain privilege escalation
  • Persistence (on host, domain and forest)
  • Advanced Lateral Movement
  • Defenses and Detection

Target Audience

Red teamers and penetration testers who want to take their Windows tradecraft to the next level will find this course very useful. Blue teamers and security professionals who want to understand how sophisticated adversaries target their organization should take this course.

Student Requirements

  • Prior experience with Red Teaming or penetration testing.
  • Prior experience with using Windows as an attack platform will be helpful.

What to Bring

  • System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. Privileges to disable/change any antivirus or firewall.

Students will be provided with

  • Attendees will get free one month access to a lab configured like an Enterprise environment during and after the training.

About the Trainer

Lead Instruction – Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker, blogger and enthusiast. His areas of interest include red teaming, Active Directory security, attack research, defense strategies and post exploitation research. He has 10+ years of experience in red teaming.

He specializes in assessing security risks in secure environments that require novel attack vectors and an “out of the box” approach. He has worked extensively on Active Directory attacks, defense and bypassing detection mechanisms, and Offensive PowerShell for red teaming. He is the creator of multiple tools like Nishang, a post exploitation framework in PowerShell, and Deploy-Deception, a framework for deploying Active Directory deception. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences.

He has spoken/trained at conferences like Defcon, BlackHat, CanSecWest, BruCON, 44CON and more.

Book your 44CON 2019 training course now!