-
Greg Hatcher White Knight Labs
-
Jake Mayhew White Knight Labs
- Dates: May 10, 11 and 12 2025
- Difficulty: Nose bleed
- Session Format: On-Site
- Language: English
Description
This course provides a comprehensive approach to mastering advanced offensive techniques by dissecting and overcoming modern defense mechanisms. Participants will gain hands-on experience with Terraform lab deployments, process injection strategies, and dynamic resolution techniques. A special focus is placed on the Cobalt Strike Command and Control (C2) framework, including malleable C2 profiles, sandbox evasion, EDR detection, and DLL proxying for persistence. The curriculum emphasizes custom payload development, teaching participants how to build reflective DLL loaders, bypass AMSI and ETW protections, and crafting tailored offensive payloads. Students will also gain practical knowledge in using shellcode for offensive operations, building on prior experience in payload development and creating initial footholds on target endpoints.
Key Learning Objectives
Students will gain the following: -a comprehensive understanding of modern cybersecurity defenses and how to neuter them -advanced skills in offensive techniques, Cobalt Strike usage, and payload development -knowledge of the latest research and updates in offensive cybersecurity methodologies -hands-on experience with dynamically updated labs in AWS, Cobalt Strike, and custom payload development strategies
Who Should Attend?
We recommend this course for penetration testers, red teamers, and blue teamers that are seeking to advance their malware development skills.
Prerequisite Knowledge
A background in C/C++ and Windows programming is highly recommended.
Hardware Requirements
Students will need a laptop and an AWS admin account with programmatic access for deploying the Terraform script.
Bio
Greg Hatcher , White Knight Labs
Greg has a background in Army Special Forces and teaching Windows internals at the NSA. He also led a 3-man red team for CISA that specialized in attacking America’s critical infrastructure. He authored and teaches WKL’s flagship course, Offensive Development, at Wild West Hackin’ Fest and virtually on the Antisyphon platform. Greg is passionate about C programming for the Windows operating system and abusing Active Directory. Greg is an active member of the following organizations: Cloud Security Alliance, the Right Place, American Corporate Partners, West Michigan Technology Council. He regularly appears in the news discussing cyber warfare and the impact of Chinese APTs on America's critical infrastructure. Greg has the following certifications: GXPN, GCPN, CRTP, CISSP, GWAPT, and GSEC.
Jake Mayhew , White Knight Labs
Jake Mayhew is an experienced information security professional who currently serves as the technical lead for the offensive security team at UPMC. Before serving on an internal red team, he spent several years in consulting delivering security tests for clients in finance, healthcare, retail, critical infrastructure/nuclear energy, and law. He holds the OSCE3 (OSED, OSWE, OSEP), OSCP, CRTO, and OSDA certifications and loves to assist others in their cybersecurity learning path. Jake is one of the founding members of Applied Technology Academy's Asymmetric Training Group (ATG), and has a passion for sharing real-world knowledge and cutting-edge solutions with his students. Jake has led & co-led offensive security trainings including the PEN-200 OSCP training at BlackHat USA.