Practical Red Team Tradecraft for Adversary Simulation

Course Details

Training Level: Beginner; Intermediate

Price

Early Bird: RM5,000 (Use Code: SS2024TEB. Ends 31st May, 2359H)
Normal: RM6,300

Course Abstract

Practical Red Team Tradecraft for Adversary Simulation is split into three chapters in which students learn and develop the skills to plan and execute adversary simulations against a mature enterprise network comprising Active Directory and endpoint protection services.

This training covers practical Red Team tradecraft, from building modern Red Team infrastructure, to weaponizing evasion techniques that slip past endpoint detection, to the infiltration of a multi-forest Active Directory network.

By the end of this training, students will be able to carry out full-blown Red Team engagements consistently to measure the effectiveness of the People, Process, and Technology pillars employed by an organization.

Course Outline

  1. Chapter 1: Introduction to Red Teaming.
    • MITRE ATT&CK® & Cyber Kill Chain
    • Command & Control (C2) Frameworks
    • Listeners and Communication Channels
    • Inner Workings of C2 Implant
    • C2 Malleable Profile
    • Modern C2 Infrastructure Design
    • Extending C2
  2. Chapter 2: Operational Security (OPSEC) & Endpoint Evasion.
    • Antimalware Scan Interface (AMSI) Bypass
    • Static Analysis Evasion
    • Dynamic Analysis Evasion
      • Parent Process ID (PPID) Spoofing
      • Command Line Arguments Spoofing
    • Memory Scanning Evasion
      • Sleep Obfuscation
      • Thread Stack Spoofing
    • Malware Development
      • Introduction to Win32 & Windows Native API
      • Process Injection Techniques
      • Userland-hooks Evasion
    • Post-Exploitation Defense Evasion
    • System Hardening Breakout
  3. Chapter 3: Active Directory Compromise.
    • Active Directory Crash Course
    • Active Directory Attack Chain
      • Enumeration
      • Kerberos & Impersonation Attacks
      • Local Privilege Escalation
      • Domain Privilege Escalation
      • Lateral Movement
      • Pivoting
      • Cross Forest Attacks
      • Persistence
      • Data Exfiltration

Who should attend?

  • Offensive Security Professionals/Red Team Operators looking to sharpen their adversary simulation tradecraft with an emphasis on stealth.
  • Blue Team Members/SOC Analysts looking to better understand how adversaries operate and to identify potential opportunities for detection.

Key Learning Objectives

  • Craft and execute an adversary simulation plan.
  • Build and maintain a resilient C2 infrastructure.
  • Exercise operational security throughout the attack chain.
  • Leverage initial access to elevate and propagate through an Enterprise Active Directory network.

Prerequisites

  • Strong fundamental knowledge of networking and the Windows and Linux operating systems.
  • Foundational knowledge of offensive security is highly encouraged.
  • A basic understanding of, and general competency in, C, C++, C# or Rust can be advantageous.

What to bring?

  • Students should have their own laptop/device with the latest version of VMware Player/Workstation installed.

Trainer Profile

Wesley Wong Kee Han

Wesley is currently a Security Consultant at Privasec RED. With 4 years of experience in Infosec, he brings a wealth of knowledge and expertise in the areas of Red Teaming and Active Directory, aligned with certifications such as Offensive Security Certified Professional (OSCP), Certified Red Team Operator (CRTO) and Certified Red Team Lead (CRTL).

Prior to that, with a series of Capture-The-Flag (CTF) wins under his belt, Wesley also represented Malaysia at regional events such as ASEAN Cyber Shield. At present, he plays with M53, a merged CTF team from Malaysia that showcases the nation's cybersecurity competency on the international stage.

David Lim Wei Xun

David is a seasoned cybersecurity specialist with 4 years of experience in Infosec. He is skilled in red teaming methodologies and adept at simulating real-world cyber attacks, and has earned certifications such as OSCP, CRTO, and CRTL. He is also deeply passionate about cryptography and the use of modern encryption techniques to thwart potential threats.

In addition to being an alumnus of Malaysia Cybersecurity Camp (MCC), a rapidly growing cybersecurity community in Malaysia known for discovering young talent in the field, he is also part of M53, sharing knowledge and actively participating in CTF events alongside local experts. He currently works as a Penetration Tester at Intertek NTA Malaysia.
