Course Overview

Oftentimes, it is difficult to understand the depth to which a cyber-attack can cripple an organization and result in tremendous loss. AD Red Team is an evaluation method that was developed to simulate a carefully crafted cyber-attack on the organization in order to help them understand the scope and their level of preparedness. It is an in-depth assessment conducted over a long period of time to test an enterprise's detection and response competence.

The course structure comprises various types of attacker simulators and industry attack frameworks such as Cyber Kill Chain, Attack Tree, and MITRE ATT&CK Framework. Candidates get the opportunity to behave like an adversary and creatively use local, built-in tools to reach business goals while preventing detection.

Furthermore, the course focuses on making use of open-source resources, such as tools and scripts, and then tweaking them to complement an organization's specific needs. On performing nefarious cyber-attack exercises that simulate real-world threat vectors, students will gain hands-on experience.

Full adversary simulation following MITRE ATT&CK framework

Hands-on C2 framework setup and payload delivery

Advanced evasion: AV bypass, EDR evasion, AMSI bypass

Phishing campaigns and social engineering delivery

Full red team report writing and debrief skills

Prerequisites

Prior experience in conducting penetration tests and security assessments of web applications using the OWASP top 10, and IT administration. Understanding of the Windows operating system, registry, and use of the Windows command line. Experience with Active Directory, common network protocols, Linux operating systems, and file systems.

Training Modules

Red Vs Blue Vs Purple Team Roles
Rules Of Engagement
MITRE ATT&CK
Engagement Planning

Phishing
Spear-phishing
Macro Payloads
HTA
HTML Smuggling
Drive-by Exploitation

Payload Crafting
Cobalt Strike/Havoc Beacons
Custom Loaders
Obfuscation
Dropper Development

C2 Framework Setup
Malleable Profiles
Redirectors
Domain Fronting
Covert Channels

Windows & Linux Privesc
Token Impersonation
SUID Abuse
Kernel Exploits
Service Misconfigs

Mimikatz
LSASS
SAM
DCSync
Credential Stores
Browser Credentials
Vaultcmd

BloodHound Paths
Kerberoasting
ACL Abuse
Golden/Silver Tickets
Domain Takeover

Pass-the-Hash
PSExec
WMI
DCOM
RDP
SSH Tunneling
Pivoting Chains

Registry
Scheduled Tasks
WMI Subscriptions
DLL Hijacking
Golden Ticket Persistence

Staged Exfil
DNS/HTTP/HTTPS Channels
Encoding
Exfil Over Cloud Services
DLP Bypass

AV/EDR Bypass
AMSI Patching
ETW Patching
Living-off-the-land Binaries (LOLBins)

Findings Documentation
Executive Summary
Technical Report
Remediation Guidance
Purple Team Debrief

Why Choose This Course?

To understand the effects of the breach of confidentiality

Assess the knowledge of information security for the internal personnel

Discover the shortcomings in your development and research systems

Check the team's incident response capability

To check the security controls such as WAF, IDS / IPS, and Load Balancer

To test the capacity of your company to defend your vital assets from a real-world assault