Adversary Simulation and Red Team Tactics

Event Information

Share this event

Date and Time



32A Park Green


SK11 7NA

United Kingdom

View Map

Refund Policy

Refund Policy

Refunds up to 7 days before event

Eventbrite's fee is nonrefundable.

Event description


This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight in to planning and conducting a red team operation including all the steps required to perform efficient opensource intelligence, design and automate the deployment of operational infrastructure, gain initial access and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting that will leave you equipped to target even the most mature environments.

The course syllabus is as follows:

1 - Introduction to Red Team Operations

  • Introduction
  • Operation Structure
  • Operation Methodology
  • Course logistics

2 – Reconnaissance

  • Passive Reconnaissance
  • Active Reconnaissance

3 - Infrastructure Design and Automation

  • Infrastructure Design Concepts
  • Redirectors
  • Domains, Reputation and Categorisation
  • Domain Fronting
  • Automation
  • Cobalt Strike and Malleable Profiles

4 - Initial Access Techniques

  • Execution Cradles
  • Office VBA and Excel4.0 Macros
  • OLE
  • ClickOnce
  • Windows Script Host
  • HTML Applications
  • Shortcut Files

5 - Defensive Evasion

  • Creating Advanced Payloads
  • AMSI
  • VBA Stomping
  • HTML Smuggling
  • Keying
  • Application Whitelisting
  • Parent Process Spoofing
  • Argument Confusion
  • Decoupling Execution

6 - Host Triage

  • Identifying Defensive Solutions
  • Situational Awareness
  • User Profiling
  • Web Browsers
  • Password Managers

7 – Persistence

  • User-land Persistence
  • Office Persistence
  • COM Hijacking
  • Junction Folders
  • Administrative Persistence
  • WMI Event Subscription

8 - Privilege Escalation

  • Insecure Windows Services
  • Privilege Escalation Through the OS
  • UAC

9 - Pivoting and Lateral Movement

  • Validating Privilege
  • Peer to Peer C2
  • PSExec
  • WMI
  • DCOM
  • WinRM
  • Pivoting

10 - Exploiting Active Directory

  • AD Recon and Enumeration
  • Group Policy
  • Kerberoasting
  • AS-REP
  • Access Control Attacks
  • Constrained and Unconstrained Delegation
  • Microsoft LAPS
  • Exploiting SQL
  • Credential Recovery

Learning Objectives
Red teams are continually sharpening their tradecraft to evade ever evolving defensive countermeasures. This challenging 3-day training course provides in-depth opportunity to learn the latest in advanced tradecraft from seasoned red team operators.

During the course, you will learn how to plan and execute a sophisticated red team operation against a mature organisation, evading defensive countermeasures along the way. We will cover the full life cycle of a red team operation from reconnaissance, efficient infrastructure deployment, techniques for gaining initial access, performing post-exploitation, establishing persistence and moving laterally.

The training course is heavily focused on the use and extension of Cobalt Strike; during the course students will have access to the licensed copy of the implant and will learn how to extend it using features such as the resource kit.

Following the training students will be equipped to:

  • Perform in-depth opensource intelligence gathering,
  • Automate efficient infrastructure deployment,
  • Build sophisticated payloads for gaining initial access,
  • Evade security controls such as anti-virus, AMSI and application whitelisting,
  • Perform post-exploitation tasks such as host and network reconnaissance,
  • Pivot to n-tiered networks using SOCKS,
  • Establish persistence,
  • Perform Active Directory attacks such as kerberoasting, ASREP, abuse unconstrained delegation and exploit insecure ACLs,
  • Move laterally across a Windows estate.

Student Requirements:

Students will require a laptop with administrator rights and WiFi. Each student will receive their own dedicated lab environment for the course which can be accessed using a web browser.

Target Audience:

This course is aimed at experienced penetration testers looking to gain entry in to the red team world, as well as seasoned red teamers looking to advance or sharpen their tradecraft.

What's Included:

  • Three days training
  • Beverages and snacks during breaks
  • Daily lunch


The training will take place at MDSec's office, located at 32a Park Green, Macclesfield, Cheshire. Several hotels are located in local proximity, including:

  • https://www.travelodge.co.uk/hotels/412/Macclesfield-Central-hotel
  • https://www.tripadvisor.co.uk/Hotel_Review-g191278-d14199208-Reviews-Sleep_Eat_Repeat-Macclesfield_Cheshire_England.html

What Our Students Say:

"Upgrade your arsenal, step up the game" - Tiago Sintra

"If you don't know where to start, this is the place." - Anonymous

"A wealth of useful red team information based on experience, provided by top class industry experts. I highly recommend this course." - Charlie Clark

"Fantastic course. Up to date, relevant and delivered in an easy to understand fashion. Excellent value and extremely informative" - Ian Lyte

"Zero to Hero? Not quite. But it's a great opener to understanding RedTeam principles and feels like the missing course for getting started with Cobalt Strike." - Adam

"The training was amazing, and I would highly recommend it to anyone wanting to work in the red team field, and those already working in the field" - Anonymous

"A great learning experience, lots of technical skills learnt and some great tips on mindset for approaching RT engagements." - Anonymous

"An essential follow up to an OSCP to adapt your knowledge to a red-team role" - Jamie Grive


How can I contact the organizer with any questions?

For further information or to pose any questions please contact MDSec on contact@mdsec.co.uk

Tickets can also be purchased directly with an invoice by contacting MDSec directly.

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date


Share with friends

Date and Time


32A Park Green


SK11 7NA

United Kingdom

View Map

Refund Policy

Refunds up to 7 days before event

Eventbrite's fee is nonrefundable.

Save This Event

Event Saved