$3,150 – $3,500

Adversary Tactics - Red Team Operations Training Course

Event Information

Share this event

Date and Time

Location

Location

1775 Tysons Blvd

3rd Floor

Mclean, VA 22102

View Map

Refund Policy

Refund Policy

Refunds up to 7 days before event

Event description

Description

Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach students how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Students will use the skillsets taught in Adversary Tactics: Red Team Ops to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Students will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.

Topics covered include:

  • Design and deploy sophisticated, resilient covert attack infrastructure
  • Gain an initial access foothold on systems using client-side attacks in real-world scenarios
  • Utilize advanced Active Directory attack techniques to execute domain enumeration, escalation, and persistence
  • Perform sophisticated post-exploitation actions, including sophisticated data mining, going beyond just achieving “Domain Admin”
  • Use cutting-edge lateral movement methods to move through the enterprise
  • Practice “offense-in-depth” by utilizing a variety of tools and techniques in response to defender actions and technical defenses
  • Effectively train network defenders to better protect themselves against advanced, persistent adversaries

Course Summary

As organizations scramble for a way to keep from becoming the next breach headline, they’ve begun looking for ways to simulate the sophisticated attackers they now face. Organizations that have started to adopt an “assume breach” mentality understand that it’s not a matter of if they’re compromised by these advanced adversaries, but when. The best way to test modern environments against these more advanced threats is with a Red Team that leverages the same TTPs as adversaries themselves. If you want to learn how to perform Red Team operations, sharpen your technical skillset, or understand how to defend against modern adversary tradecraft, Adversary Tactics: Red Team Ops is the course for you.

This intensive course immerses students in a simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to Red Team activities. We will cover all phases of a Red Team engagement in depth: advanced attack infrastructure setup and maintenance, user profiling and phishing, host enumeration and “safety checks”, advanced lateral movement, sophisticated Active Directory domain enumeration and escalation, persistence (userland, elevated, and domain flavors), advanced Kerberos attacks, data mining, and exfiltration.

A focus will be placed on “offense-in-depth,” the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques. To drive this concept home, students will go up against live incident responders that will actively hunt for and block malicious activity in the environment. The responders will provide real-time feedback to students to demonstrate what artifacts attackers can leave behind, and how students can adapt their tradecraft to minimize their footprint. Come learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of PowerView, PowerShell Empire, PowerSploit, PowerUp, and BloodHound.

Course Syllabus

Day 1:

  • Red Team philosophy/overview
    Engagement management
  • Covert infrastructure deep dive - setup, protection, maintenance
  • Initial external reconnaissance and OSINT
  • “Offense-in-depth”
  • Evading network detections and active incident responders (“hunting”)

Day 2:

  • Initial access
  • Host triage and offensive “safety checks”
  • Detection and evasion of host-based defenses
  • Maintaining your foothold (short vs. long term and userland vs elevated persistence strategies)
  • Privilege escalation methods through abuse of misconfigurations

Day 3:

  • User and network resource mining
  • Credential abuse
  • Active Directory enumeration and abuse - intelligence gathering, domain escalation, covert persistence, and BloodHound
  • Kerberos attacks in depth
  • Pivoting through the target network

Day 4:

  • Providing value to client
  • Blue team training objectives
  • Data movement and external exfiltration
  • Lab debrief

Student Requirements

This is an advanced course and will include a large amount of lab activities in a complex simulated enterprise, with active response actions being taken by defensive personnel. Students should have previous penetration testing training and experience with penetration testing tools and techniques. Additionally, some familiarity with PowerShell or other scripting languages is beneficial.

Hardware Requirements

Participants will need to bring a laptop with:

  • 8GBs of RAM
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion)

What's Included

  • Four day training
  • All day beverages and snacks
  • Daily lunch
  • Thursday night happy hour with the instructors

Accommodations

Training will be taking place in the Tysons Corner area of Northern Virginia.

There are several hotels close by, including the Hilton McLean, Hyatt Regency Tysons Corner and the Ritz Carlton Tysons corner within walking distance.


FAQs

What are my transportation/parking options for getting to and from the event?

If you are local to the area, the location is less than a quarter mile from the Metro Silver Line Tysons Corner station.

There is daily parking onsite, but we cannot validate parking. Daily parking rate is $12.

How can I contact the organizer with any questions?

Please email info@specterops.io with any questions.

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.

Share with friends

Date and Time

Location

1775 Tysons Blvd

3rd Floor

Mclean, VA 22102

View Map

Refund Policy

Refunds up to 7 days before event

Save This Event

Event Saved