Intrusion Operations

Learn Top-Tier Red Team Techniques From The Veil Evasion Framework Author

Modern-day attackers develop new tradecraft allowing them to compromise hardened targets. It may look easy from the outside. There are many steps hidden from view that attackers take to ensure their success. This class covers advanced challenges red teamers face and provides techniques to succeed in formidable scenarios. You will start with nothing, build a profile on your target, persist within their environment, bypass modern defenses, and achieve the goals of your test.

FortyNorth’s updated course is at the Novotel London West, Hammersmith from the 2nd – 5th of December, 2019.

This 4-Day course is designed for attendees who are doing Red Team work but are looking to grow into team leads.

Book Now

Chris Truncer

Who Should Take This Course

  • CTL (or equivalent) looking to move into Red Teaming
  • Existing Red Team members looking to certify against CC SAS or CC SAM
  • Advanced Threat Hunters

Got CTL and want to go further? Learn from the author of the Veil evasion framework”

We’re pulling back the curtain on Red Team exercises.

Everything you do leaves the possibility for a defender to detect your actions, so you need to learn how to blend right in and minimize your footprint. We’re covering techniques not widely discussed, such as stripping out network, host, and in-memory indicators that get you caught. We’ll show how to customize malware and C2 to avoid being detected.

The methods we teach are based upon past-experience in real world scenarios that FortyNorth Security has used to compromise and maintain access while avoiding detection by the target’s blue team. Upon completion of the class, you will have an arsenal of new techniques that can be utilized to yield highly successful assessments. If attending while in a blue team capacity, you will have the ability to see what tools and techniques modern attackers are using to compromise hardened environments and develop techniques to help protect your organization.

All students will receive the custom scripts and tools used by FortyNorth Security on red team assessments. We’re here to help provide students with the best training and capabilities, so we’re sharing our internally developed code which help ensure we break into our customers and take what we want.


What You’ll Learn

  • Multiple tools for Command and Control
  • Malleable profiles for beacon detection avoidance
  • Building your own C2 infrastructure
  • Aggressor scripting
  • Advanced Active Recon
  • Phishing techniques
  • Bypassing Whitelisting
  • AV and EDR evasion
  • Initial Access, Recon, and Lateral Movement
  • Persistence

Book Now

Course Outline

Day 1 – C2 and OSINT

  • C2 Options
  • C2 Malleable Profile Concepts
  • Lunch
  • Modern C2 Configuration

Day 2 – Now You See It

  • Active Recon
  • Phishing and Phishing Malware
  • Lunch
  • AV Evasion
  • High-level EDR Evasion
  • C2 Malleable Profile Advanced Development

Day 3 – Whatlisting?

  • C2 Configuration Part 2
  • Initial Access, Internal Recon, and Lateral Movement
  • Lunch
  • Persistence
  • Application Whitelisting

Day 4 – Beast Mode

  • Aggressor Scripting
  • Attacking the Cloud
  • Lunch
  • Finalizing the Test
  • Lab Reveal

What To Bring

  • A Laptop with 8Gb of RAM
  • Admin access on the Laptop for VPN Client install
  • Basic Cobalt Strike experience (licence not needed)
  • Basic Scripting skills (e.g. Powershell, Python etc)

What Students Are Provided With

  • Private repo access with custom evasion tools
  • VPN Access to labs containing all tools needed

4 Days of Training at a Premium London Venue.
Book Now at only £2600 Inc. VAT!

Book Now!

4 Reasons Why You’ll Want To Train With 44CON



Focus on learning with our spacious, air-conditioned rooms. The comfort doesn’t stop there, with incredible food at lunch and in breaks.

Serious Savings

Save over 50% with us compared to the same courses at other events in London. Get the Vegas experience without the cost.



Get exclusive invites to 44CONnect – our quarterly event with talks and more. Invites run for 12 months after your last course.


44CON Discounts

You’ll receive an exclusive £50 discount code for standard tickets to the next main 44CON event: the UK’s best security conference.

Meet The Trainer: Chris Truncer

Christopher Truncer (@ChrisTruncer) is a co-founder and Offensive Security Lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well.

Book Now For December!

Chris Truncer

44CON December Bonus: Hootenanny Tickets Included!


The 44CONnect Hootenanny is an end-of-year one day event on the 6th of December.

The Hootenanny has a single talk track, a workshop track and an escape room track. We’ll have workshops from our trainers so you can get a taste of their courses, and a bunch of invited talks at the level of quality you’ve come to expect from a full 44CON. The event is fully catered, of course.

All December training attendees automatically receive a Hootenanny ticket as part of their booking. Those who’ve attended training at any time in 2019 can join our wait list. Tickets will be issued to the wait list two weeks before the Hootenanny event.

Book Now

Watch Chris’ Recent Talks

Aggressive Autonomous Actions

This talk speaks to Aggressor, which is a scripting language that comes with Cobalt Strike. We’ve created or captured other public scripts into a single repository that shows how aggressor, and automation, can be used in every part of a red team or pen test.

Built-In Application Whitelisting with Windows Defender Application Control

What if there was already an application whitelisting solution built right into Windows, for free? Welcome to Windows Defender Application Control (WDAC). This talk will discuss what WDAC is and how can be deployed. We’ll look into building custom policies that allow you to define how your environment is protected and what you trust. We’ll also look at common configurations for WDAC along with their strengths and weaknesses. Finally, this wouldn’t be a talk without discussing and demonstrating how an attacker could attempt to circumvent WDAC, and live within its confines.

Stay In Touch

Like the NSA, our newsletter will be in your inbox every Tuesday. Unlike the NSA, you can unsubscribe at any time.