Adversary Simulation and Red Team Tactics

Presented By: Dominic Chell and Adam Chester

This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.

The 2-day course will take place on the 10th & 11th September 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.

Learning Objectives

Red teams are continually sharpening their tradecraft to evade ever-evolving defensive countermeasures. This challenging 2-day training course provides an in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators.

During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We will cover the full life cycle of a red team operation from reconnaissance, efficient infrastructure deployment, techniques for gaining initial access, performing post-exploitation, establishing persistence and moving laterally.

Following the training, students will be equipped to:

  • Perform in-depth open-source intelligence gathering,
  • Automate efficient infrastructure deployment,
  • Build sophisticated payloads for gaining initial access,
  • Evade security controls such as anti-virus, AMSI and application whitelisting,
  • Perform post-exploitation tasks such as host and network reconnaissance,
  • Pivot to n-tiered networks using SOCKS,
  • Establish persistence,
  • Perform Active Directory attacks such as kerberoasting, ASREP, abuse of unconstrained delegation and exploitation of insecure ACLs,
  • Move laterally across a Windows estate.

Course Outline

Day 1:

  • Introduction to red team operations
  • Performing reconnaissance
  • Infrastructure design
  • Automating infrastructure deployment with Ansible and Terraform
  • Domain fronting
  • Obtaining initial access
  • Microsoft Office payloads
  • HTML Applications
  • Windows Script Files
  • Bypassing anti-virus

Day 2:

  • AMSI
  • Evading application whitelisting
  • Post exploitation tasks
  • Pivoting
  • Persistence
  • Exploiting Active Directory
  • Kerberos Attacks: SPNs, ASREP, Delegation
  • Attacking Group Policy
  • Insecure ACL configurations
  • Lateral Movement
  • WMI
  • DCOM

Target Audience

Red teamers and those looking to transition into red team roles.

Book your 44CON 2019 training course now!