Adversary Simulation and Red Team Tactics

Presented By: Dominic Chell and Adam Chester

This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.

The 2-day course will take place on the 10th & 11th September 2019 in London.
The price is £1,300 (inc VAT). September seats for this course have sold out.

Learning Objectives

Red teams are continually sharpening their tradecraft to evade ever-evolving defensive countermeasures. This challenging 2-day training course provides an in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators.

During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We will cover the full life cycle of a red team operation from reconnaissance, efficient infrastructure deployment, techniques for gaining initial access, performing post-exploitation, establishing persistence and moving laterally.

Following the training, students will be equipped to:

  • Perform in-depth open-source intelligence gathering,
  • Automate efficient infrastructure deployment,
  • Build sophisticated payloads for gaining initial access,
  • Evade security controls such as anti-virus, AMSI and application whitelisting,
  • Perform post-exploitation tasks such as host and network reconnaissance,
  • Pivot to n-tiered networks using SOCKS,
  • Establish persistence,
  • Perform Active Directory attacks such as Kerberoasting and ASREP, abuse unconstrained delegation and exploit insecure ACLs,
  • Move laterally across a Windows estate.

Course Outline

Day 1:

  • Introduction to red team operations
  • Performing reconnaissance
  • Infrastructure design
  • Automating infrastructure deployment with Ansible and Terraform
  • Domain fronting
  • Obtaining initial access
  • Microsoft Office payloads
  • HTML Applications
  • Windows Script Files
  • Bypassing anti-virus

Day 2:

  • AMSI
  • Evading application whitelisting
  • Post exploitation tasks
  • Pivoting
  • Persistence
  • Exploiting Active Directory
  • Kerberos Attacks: SPNs, ASREP, Delegation
  • Attacking Group Policy
  • Insecure ACL configurations
  • Lateral Movement
  • WMI
  • DCOM

Target Audience

Red teamers and those looking to transition into red team roles.