On This Page

Adaptive Red Team Tactics

Veris Group | August 1-2 & 3-4


Advanced attackers are able to infiltrate and devastate enterprise networks, appearing as ghosts in the machine while exfiltrating vast amounts of information. The best way to secure an enterprise against these adversaries is test the system using similar adversarial tradecraft in controlled red team operations. If you want to take your skillset to the next level and operate like actual advanced adversaries, then Adaptive Red Team Tactics is the course for you. Building on Veris Group's Adaptive Penetration Testing class, this immersive course teaches real-world adversarial tactics, techniques and procedures (TTPs), refined based on our operational experience. We will teach you how to bust through egress filters, evade anti-virus, escalate in modern environments, move laterally without notice, abuse network and domain trusts, identify high-value targets, and mine for sensitive data. And we will show you how to incorporate this tradecraft into your engagements, whether they last five days or five weeks. You will spend the majority of this course using advanced techniques and toolsets the techniques covered to attack a fully functional high-security enterprise network, protected by live network defenders.

You will use advanced red team operator platforms and custom open-source software (such as the Veil-Framework, developed by Veris Group testers) to deliver customized payloads, bypass security controls through cutting-edge evasion techniques and conduct advanced post-exploitation activities, all within a collaborative team environment. Enemies have been operating like this for years; it's time penetration testers do as well.

At the conclusion of the course, participants will be able to:
  • Effectively emulation modern adversarial TTPs in customer networks
  • Avoid detection through stealthy reconnaissance and move silently through a network
  • Create highly targeted attacks to gain entry into a network
  • Bypass common security controls such as Firewalls, IDS sensors, and Anti-Virus programs
  • Employ Red Team tactics via practice in attacking an enterprise network with the full range of defensive capabilities (detection and active response)
  • Demonstrate the impact of attacks by advanced threat actors
  • Reference an electronic PDF job aid, complete with navigation, during actual assessments

Who Should Take this Course

Participants should have previous penetration testing training and/or experience with penetration testing tools and techniques. This includes conducting information gathering, completing network enumeration, launching exploits, conducting privilege escalation, gathering post-exploitation information, and developing network foothold activities. Participants are encouraged to attend Veris Groupês Adaptive Penetration Testing course first, as this course builds on the topics presented there.

Student Requirements

See what to bring.

What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants _ all exercises will be able to be performed from this virtual machine. Participants will need to bring their own laptop with:
  • Wired network adapter
  • 4GBs of RAM
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion)

What Students Will Be Provided With

N/A (listed in course description)


David McGuire is the Director of Veris Group's Adaptive Threat Division, where he leads penetration testing and Red Team efforts for Fortune 500 commercial clients and major U.S. Government agencies. David has extensive experience in conducting large scale, highly specialized adversarial network operations. In addition, he has spent several years training participants from various disciplines in red team operations and penetration testing methodologies, including at major industry conferences such as the Black Hat. In his previous life, David was the senior technical lead the National Security Agency Red Team, providing mission planning and direction through numerous large scale operations. He has a Bachelor's Degree in Computer Information Technology and is a CREST Certified Infrastructure Tester, GIAC Certified Penetration Tester, GIAC Certified Web Application Penetration Tester and an Offensive Security Certified Professional.

Justin Warner is the Red Team Capability Lead with Veris Group's Adaptive Threat Division where he leads specialized teams to conduct red team engagements and penetration tests for multiple Fortune 500 commercial clients and major U.S. Government agencies. Justin focuses on reverse engineering, threat emulation, and has a passion of studying adversarial techniques for use during defensive and offensive engagements. Justin is a developer on the Veil-Framework, volunteers as the red forces for numerous exercises and has presented at several security conferences including Shmoocon Firetalks, Carolinacon, and BSides Chicago. Previously Justin worked as a Cyber Operations Officer for the United States Air Force and holds a Bachelors degree in Computer Science with specialization in Cyber Warfare from the United States Air Force Academy. Justin is an Offensive Security Certified Professional (OSCP) and holds several GIAC certifications as well.

Will Schroeder is a research lead and red teamer for Veris Group's Adaptive Threat Division, where he performs a variety of offensive services, including penetration testing and red team engagements for federal agencies and private sector companies. His expertise includes anti-virus evasion, threat replication, post-exploitation, Cortana attack scripting, and offensive Powershell development. Will is a developer of the Veil-Framework and has presented at a variety of security conferences including Shmooon, Defcon, and several Security BSides conferences. He has a strong computer science and security background, having worked at two of the leading cybersecurity research labs in the country, Sandia National Labs and SEI/CERT. Will holds a Masters in Information Security from Carnegie Mellon University, is an Offensive Security Certified Professional (OSCP) and an Offensive Security Certified Expert (OSCE).