Overview

Immerse yourself in our latest in-person, hands-on Offensive Active Directory Operator Course (OADOC) simulating advanced Active Directory exploitation. From enumeration to privilege escalation and defense evasion, you'll refine your expertise in exploiting modern Active Directory environments the way an advanced adversary would. Over this three-day course, instructors will guide you through dynamic attack paths inspired from real-world operations with Lab access along with an exam attempt.

This course also emphasizes on Active Directory abuses with operational security in mind, maintaining a minimal footprint while evading modern defenses. By the end, you'll have mastered a wide array of Active Directory exploitation techniques, equipping you to tackle complex engagements in real-world scenarios.

More information

Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.

This course is designed to take you deep into defensive and offensive tooling – an apex attacker must know the own indicators of compromise (IOCs) they’re creating and the artifacts they’re leaving behind.

Students will have access to several EDR products and Cobalt Strike in this course.

More information

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.

For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.

I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.

More information

The introduction to Malware Binary Triage (IMBT) course provides a comprehensive overview of the malware binary triage process. You will learn to reverse engineering and analyze real-world malware samples, including a nation state SMB worm, prolific loaders used by cybercriminals and a ransomware variant that has been used to attack critical infrastructure. You will learn to use Binary Ninja, x64dbg and other common open-source tools to achieve your analysis objectives. You will also learn how to analyze advanced malware techniques, including obfuscation, process injection and packing algorithms.

This course consists of eleven modules, each containing lectures and practical labs to apply the knowledge that you have gained as you complete the training course. We provide both practical demonstrations and written materials, so no matter what your learning style is, you can complete the course successfully.

More information

WKL's ARTO course is meant to fill in the gaps for senior penetration testers that want to pivot into conducting red team operations against mature enterprise environments. Students will be given a Terraform script that spins up their own dedicated lab environment that they lifetime access to. Students will go through the process of purchasing domains to simulate deploying their red team attack infrastructure. WKL's instructors will go in-depth regarding the usage of CDNs in GCP, AWS, and Azure for redirectors. At the end of the course, students will have the opportunity to test their knowledge by taking the Advanced Red Team Operation Certification exam, a rigorous, hands-on 48 hours exam where students will need to gain Domain Admin control over the stigs-corp.local network and accomplish various objectives.

More information

The "Attacking and Securing CI/CD Pipelines" course is a dynamic, hands-on training program designed to equip participants with the skills to identify, exploit, and mitigate vulnerabilities within Continuous Integration and Continuous Deployment environments. As CI/CD pipelines form the backbone of modern software development, their security is paramount. This self-paced course blends theoretical insights with practical, real-world labs to create an immersive learning experience.

Participants will explore critical security concepts, including hijacking techniques, artifact poisoning, branch protection misconfiguration bypasses, and OIDC misconfigurations. The course also emphasizes countermeasures and best practices for securing pipelines across popular platforms like GitHub Actions, AWS CodeBuild, CircleCI and Azure DevOps. By the end of the program, learners will have the expertise to both attack and secure CI/CD environments effectively.

Designed for DevSecOps professionals, penetration testers, red team operators, and security engineers, the course provides a flexible and comprehensive approach to CI/CD security. Whether you're securing pipelines or simulating attacks, this course offers a robust foundation in CI/CD security.

More information

The training is divided into five sections: Initial Foothold, Gaining Access, Offensive Coding, Internal Reconnaissance, and Lateral Movement. Each section will be covered in depth, providing technical evidence of how each technique works. Red team exercises will be performed to assess responsiveness and detection capabilities. As a red teamer, it is important to understand what each tool and command you use is doing behind the scenes to provide proper guidance. The training will help you understand the tools and techniques used during a red team exercise, develop your own toolset, adapt existing tools when needed, identify new techniques or potential evasion tricks, and gain an overview of the popular methods used in red team exercises.

Expect to perform code reviews, network analysis, code behavior analysis, and write code to enhance your red team capabilities.

More information

Yesterday, it was Salt Typhoon. Today, it’s Liminal Panda. Tomorrow, they’ll target your latest fifth-generation networks. As 5G becomes the backbone of sensitive data management and mission-critical operations, its security is more crucial than ever. However, there’s a pressing gap in the expertise and skills needed to safeguard these systems effectively. This 5G Core Security Training is designed to give security pros the skills to identify and counter security threats in 5G networks. You'll dive into 5G core security, protocols, and learn how to use pentesting tools to assess vulnerabilities and develop exploits. The training also covers the latest security challenges and best practices, with hands-on exercises simulating real-world attacks and defenses on a local, isolated (zero RF transmitting) 5G network setup.

More information

This comprehensive Offensive Azure Operation & Tactics Certification course provides a deep dive into Azure's infrastructure and security landscape. Participants will explore various modules covering essential components such as Azure infrastructure understanding, enumeration techniques, initial access strategies including phishing methods, abusing reader roles, misconfigurations, and exploiting Azure services. The course extends into post-exploitation techniques, pivoting between cloud and on-premises environments, compromising DevOps, Devices using Microsoft Intune, Entra ID Connect features, leveraging Azure services for persistence, conducting Azure configuration assessments, and utilizing automation tools for security checks. This hands-on course equips participants with practical insights and skills crucial for identifying and exploiting Azure components.

More information

This updated Black Hat edition training offers hands-on threat modeling exercises based on real-world projects, to equip participants with skills as Threat Modeling Practitioners. The course integrates exercises using MITRE ATT&CK, Agile and DevOps practices, and includes a challenge on threat modeling a Machine Learning-Powered Chatbot. Participants will engage in CTF-style challenges, battling for control over an offshore wind turbine park, in a threat modeling war game.

For beginner to intermediate learners, the training includes a two-hour introductory self-paced module. Exercises focus on practical use cases with detailed environments, questions, and templates. Students, in teams of 3-4, will do challenges: - Diagramming techniques for a travel booking service - Threat modeling cloud-based update services for IoT kiosks - Developing attack trees against a nuclear research facility - Using MITRE ATT&CK for SOC Risk-Based Alerting systems - Mitigating threats in payment services with microservices and S3 buckets - Applying the OWASP Threat Modeling Playbook in agile development - Securing CI/CD pipelines

Each exercise concludes with group discussions and documented solutions. Participants receive the Threat Modeling Playbook, a year of online learning platform access, and will get feedback and guidance on an after-training assignment.

More information