Adaptive Red Team Tactics

Veris Group's Adaptive Threat Division | July 30-31 & August 1-2



Overview

Sophisticated attackers are able to infiltrate and devastate enterprise networks, appearing as ghosts in the machine while exfiltrating vast amounts of information. The best way to secure an enterprise against these adversaries is to test the system using similar tradecraft in controlled offensive operations. If you want to take your skillset to the next level and learn to operate in a complex enterprise environment while evading defenders, then Adaptive Red Team Tactics is the course you're looking for. Building on Veris Group's Adaptive Penetration Testing training, this immersive course teaches real-world adversarial tactics, techniques and procedures (TTPs), continuously refined based on our operational experience. We will teach you how to bust through egress filters, evade anti-virus, escalate access in modern environments, move laterally without notice, abuse trusts, leverage Kerberos attacks, identify high-value targets, and mine for sensitive data. And we will show you how to incorporate these skills into your engagements, whether they last five days or five weeks.

You will spend the majority of this course using cutting-edge techniques and toolsets to attack a fully functional high-security enterprise network, protected by live network defenders with modern response capabilities. You will use leading red team operator platforms and custom open-source software developed by Veris Group's Adaptive Threat Division (including Empire, PowerSploit, PowerView and PowerUp) that is used industry-wide to conduct offensive engagements. These tools will enable you to deliver customized payloads, bypass security controls through cutting-edge evasion techniques, and conduct advanced post-exploitation activities, all within a collaborative team environment. Enemies have been operating like this for years; it's time penetration testers did as well.

The following topics will be covered in this course:

Day 1:
  • Red Team Operations Management
  • Attack Infrastructure Deployment
  • Intelligence Gathering and Evasion
  • Covert Network Reconnaissance
  • System Profiling and Gaining Covert Access
  • Gaining Situational Awareness

Day 2:
  • Escalation of Access
  • Advanced Lateral Movement, Trust Abuse
  • Bypassing Host and Network Security Controls
  • Establishing Long-Term Persistence
  • Post-Exploitation Intelligence Analysis and Data Exfiltration
  • Identifying Risk and Demonstrating Impact

Who Should Take this Course

Participants should have previous penetration testing training and/or experience with penetration testing tools and techniques. This includes conducting information gathering, completing network enumeration, launching exploits, conducting privilege escalation, gathering post-exploitation information, and developing network foothold activities. Participants are encouraged to attend Veris Group's Adaptive Penetration Testing course first, as this course builds on the topics presented there.

Student Requirements

Please see the "Who Should Take this Course" section.

What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants; all exercises can be performed from this virtual machine. Participants will need to bring their own laptop with:
  • Wired network adapter
  • 4 GB of RAM
  • Ability to run a virtual machine (VMware Player, Workstation, Fusion)

What Students Will Be Provided With

Students will receive all course materials and lab manuals as electronic PDFs.

Trainers

Justin Warner is the Red Team capability lead with Veris Group's Adaptive Threat Division, where he leads specialized teams to conduct red team engagements and penetration tests for multiple Fortune 500 commercial clients and major U.S. Government agencies. Justin focuses on reverse engineering and threat emulation, and has a passion for studying adversarial techniques for use during defensive and offensive engagements. Justin is a developer on the PowerShell Empire project, volunteers as the red forces for numerous exercises and has presented at several security conferences including Shmoocon Firetalks, CarolinaCon, and BSides Chicago. Previously Justin worked as a Cyber Operations Officer for the United States Air Force and holds a Bachelor's degree in Computer Science with specialization in Cyber Warfare from the United States Air Force Academy. Justin is an Offensive Security Certified Professional (OSCP) and holds several GIAC certifications as well.

Matthew Nelson is an experienced technical security analyst who was a system administrator in a previous life. Matt is a recent addition to Veris Group's Adaptive Threat Division, but brings a passion for pushing red team TTPs into the security industry. He is a co-developer and contributor to the PowerShell Empire project and contributes to many open-source security projects. Matt has spoken at BSidesDC and is an avid blogger talking about many of the offensive techniques he has learned and weaponized. Matt is also an Offensive Security Certified Professional (OSCP).

Andrew Robbins is a penetration tester and red teamer for Veris Group's Adaptive Threat Division. Andy has performed penetration testing of banks, credit unions, and healthcare providers across the United States. In addition, Andy researched and presented findings at Derbycon related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country. He also developed internal toolsets in Python for efficiently analyzing massive amounts of web interfaces and for covertly enumerating open outbound TCP ports on client networks. Finally, Andy developed and taught penetration testing courses designed for full-time system and network administrators. Andy is also a co-author of BloodHound, a tool designed to reveal the hidden and unintended permission relationships in Active Directory domains.