SpecterOps - Adversary Tactics: Red Team Operations (On Site)

May 23 to 26, 2023

Course Abstract

Organizations rely on red team operations to exercise their defensive capabilities and continually hone and strengthen its security posture. As defenses evolve, however, it can be tough for red teams to stay ahead and provide that much-needed adversary for blue teams to practice against. What’s a red teamer to do? How can one keep up with the near-daily changing industry? Adversary Tactics: Red Team Operations helps close that gap for red teamers, providing practical tradecraft for operators to use on their next test and guidance for how to maintain that edge over time.

Outline

DAY 1

  • Introduction & Course Overview
  • Lab and course range infrastructure
  • Red Team Operations
  • Host Situational Awareness
  • PowerShell Weaponization
  • Privilege Escalation

DAY 2

  • An Introduction to Hunting
  • Credential Abuse
  • AD Situational Awareness
  • Payload Methodology
  • Pivoting and Lateral Movement
  • SQL Abuse

DAY 3

  • OPSEC Considerations
  • Domain Trusts
  • Kerberos
  • Golden Tickets
  • Silver Tickets and Forged Ticket Detection

DAY 4

  • Visualizing Attack Paths with BloodHound
  • DPAPI
  • Kerberos Delegation Abuse
  • CTF and capstone conclusion
  • Lab Debrief
  • Defensive Debrief

Who Should Attend

This course is not intended for beginners and includes a team-based, on-keyboard execution of a simulated red team engagement in a complex network scenario.

Participants should be comfortable with penetration testing concepts and tools, Active Directory, and attacking Microsoft Windows environments.

What You Need

Participants must provide their own computer with a modern web browser installed to access training materials and complete the course’s labs. The SpecterOps training platform URL (https://specterops.training) must be accessible from the participant’s computer throughout the duration of the course.

There are no local virtual machines or special software required to fully participate in the course or labs.

Bio

SpecterOps ,

Specific instructors will be determined soon. The SpecterOps team consists of sought-after experts, who bring years of breach assessment (hunt) and red team experience from both commercial and government sectors.

Return to training sessions