Advanced Red Team Operations

  • Dates: May 10, 11 and 12 2025
  • Difficulty: Nose bleed
  • Session Format: On-Site
  • Language: English

Description

  • Cobalt Strike Setup: Learn to set up and configure Cobalt Strike or Havoc as your C2 server, simulating a real-world red team operation.
  • Building and Managing Redirectors: Use cloud-based services like AWS Lambda, Azure CDN, and GCP CDN to manage redirectors and evade detection.
  • Cloud-Based C2 Techniques: Deploy cloud infrastructure using Terraform to manage C2 channels and execute sophisticated attacks.
  • Operational Tactics: Learn advanced tactics, from vulnerability identification to privilege escalation, and gain administrative domain control.
  • Simulated Attack Path: Engage in a simulated attack against the stigs-corp.local network, gaining domain admin and testing against next-generation EDR.

Key Learning Objectives

The main objective of the ARTO course is for students to obtain a working knowledge of conducting large-scale red team operations in mature environments where multiple defensive solutions are in play. Students will deploy their own redirectors in GCP, AWS, and Azure and deploy their dedicated Cobalt Strike team server, all while learning how to avoid the pitfalls of poor OPSEC.

Who Should Attend?

This course is intended for the following audience: seasoned penetration testers who are attempting to break into red teaming, junior red team operators who are seeking advanced skills to enhance their offensive skills, and cloud architects/defenders who are interested in mastering how C2 frameworks work when AWS, GCP, and Azure are used to mask C2 traffic.

Prerequisite Knowledge

This is an advanced level course – a background in current red teaming techniques, C2 framework usage, post-exploitation, and deploying attack infrastructure in the cloud would be useful, but not required.

Hardware Requirements

Students are required to have an admin account in AWS with programmatic access (keys) for deploying the Terraform script. Students that are interested in exploring the Azure and GCP portions of the course will also need to have admin accounts in those CSPs. WKL recommends that students have a laptop with at least 16GB of RAM.

Bio

John Stigerwalt, White Knight Labs

John has worked as a blue teamer, vCISO, developer, senior penetration tester, and red team lead. John served as the F-Secure red team lead for the western hemisphere. He has led long-term red team engagements in highly complex Fortune 500 companies. He has worked together with Microsoft to increase kernel security for the Windows operating system. He has led training at BlackHat, DerbyCon, and Wild West Hackin’ Fest. He is the author of WKL’s Advanced Red Team Operations course (ARTO). John has the following certifications: OSCP, OSCE, CRTP (Certified Red Team Professional), CRTE (Certified Red Team Expert), and SLAE (Assembly Language and Shellcoding). John is known as one of the most talented offensive cyber security experts in the world and can do whatever is asked of him on a computer.

Robert Pimentel, White Knight Labs

Robert is a seasoned offensive security professional with more than a decade of experience in Information Security. He started his career in the U.S. Marine Corps, working on secure telecommunications. Robert holds a master's degree in Cybersecurity, numerous IT certifications, and a background as an instructor at higher education institutions like the New Jersey Institute of Technology and American University. Robert is committed to sharing his knowledge and experiences for the benefit of others. He enjoys Brazilian steakhouses and cuddling with his pugs while writing Infrastructure as Code to automate Red Team Infrastructure. Robert is the Red Team Lead at a Fortune 50 insurance company.
