SpecterOps - Adversary Tactics: Red Team Operations (On Site)

May 23 to 26, 2023

Course Abstract

Organizations rely on red team operations to exercise their defensive capabilities and continually hone and strengthen their security posture. As defenses evolve, however, it can be tough for red teams to stay ahead and provide that much-needed adversary for blue teams to practice against. What’s a red teamer to do? How can one keep up with an industry that changes almost daily? Adversary Tactics: Red Team Operations helps close that gap for red teamers, providing practical tradecraft for operators to use on their next test and guidance for how to maintain that edge over time.

Outline

DAY 1

  • Introduction & Course Overview
  • Lab and course range infrastructure
  • Red Team Operations
  • Host Situational Awareness
  • PowerShell Weaponization
  • Privilege Escalation

DAY 2

  • An Introduction to Hunting
  • Credential Abuse
  • AD Situational Awareness
  • Payload Methodology
  • Pivoting and Lateral Movement
  • SQL Abuse

DAY 3

  • OPSEC Considerations
  • Domain Trusts
  • Kerberos
  • Golden Tickets
  • Silver Tickets and Forged Ticket Detection

DAY 4

  • Visualizing Attack Paths with BloodHound
  • DPAPI
  • Kerberos Delegation Abuse
  • CTF and capstone conclusion
  • Lab Debrief
  • Defensive Debrief

Who Should Attend

This course is not intended for beginners and includes a team-based, on-keyboard execution of a simulated red team engagement in a complex network scenario.

Participants should be comfortable with penetration testing concepts and tools, Active Directory, and attacking Microsoft Windows environments.

What You Need

Participants must provide their own computer with a modern web browser installed to access training materials and complete the course’s labs. The SpecterOps training platform URL (https://specterops.training) must be accessible from the participant’s computer throughout the duration of the course.

There are no local virtual machines or special software required to fully participate in the course or labs.

Bio

Nick Powers, Operator and Red Teamer, SpecterOps

Nick is an operator and red teamer at SpecterOps. He has experience providing and leading pentest and red team service offerings for a large number of Fortune 500 companies. Prior to offensive security, Nick gained security and consulting experience while offering compliance-based gap assessments and vulnerability audits. With a career focused on offensive security, his interests and prior research focuses have included initial access techniques, evasive Windows code execution, and the application of alternate C2 and data exfiltration channels.

Hope Walker, Senior Consultant, SpecterOps

Hope is a consultant at SpecterOps with experience in conducting and leading red team operations. Prior to joining SpecterOps, she conducted research, led red team process improvement efforts, trained new operators, and managed the operations floor for a DoD Red Team. Hope holds four degrees from the University of Alabama in Huntsville including a master's in cyber security and was a recipient of the National Science Foundation Cyber Corps scholarship.
