On This Page

Applied Defense and Offense: Understanding Attackers Through Red Team Tactics - Purple Teams

TrustedSec | August 4-7


Immerse yourself in a simulated corporate environment where you will learn hands on both the latest attacker techniques, but most importantly how to detect the attacks. This course will apply offensive techniques used by adversaries and penetration testers to help teach offensive methods as well as the best approach to detect both easy and hard attacks. Learn to circumvent the latest security tech, move laterally across systems, and gain access to data while learning how to detect these each step of the way. This course is designed for beginners, intermediates, and season defenders and penetration testers taught by some of the leading experts in information security.

Overview Day 1

  • Introduction to Attacker Techniques
  • Common Methods for Exploitation
  • Diving into Recon and Open Source Intelligence Gathering (OSINT)
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting
  • Methods for Persistence and Evasion
  • Exercise I: First compromise
  • Lateral Movement and Pivoting
  • Exercise II: Lateral Movement

Day 2 Outline

  • Introduction to Python Programming
  • Input/Output with OS Commands
  • Python Network Programming
  • Building a Custom C2 Infrastructure
  • Exercise I: Writing your own backdoor
  • Circumventing Security Defenses through Custom Code
  • Advanced Persistence Methods (COM/DCOM)
  • Application Control Bypasses (C#/.NET code execution)
  • PowerShell Evasion and Exploitation
  • OS X and Linux Exploitation and Persistence
  • Exercise II: Simulated Breach

Day 3 Outline

  • Developing a Common Defense
  • Introduction to Hunt Teaming
  • Detection through Event Log Analysis
  • Exercise I: Basic Detection
  • Tools, tricks, and free scripts!
  • Network Analysis
  • Identifying threats on the network
  • Identifying threats on the endpoint
  • Walkthrough of Elastic Search, Logstash, and Kibana (ELK)
  • Walkthrough of GrayLog
  • Building custom detection
  • Exercise II: Identifying Behavior
  • Using existing technology in the network

Day 4 Outline

  • Analyzing Malicious Files
  • Understanding C2 Infrastructure and Patterns of Behavior
  • Exercise I: Analyzing Malicious DOCX/XLS
  • PowerShell Programming Hands On
  • Exercise II: Writing your Own PowerShell Detection
  • OSX and Linux Detection
  • Exercise III: Simulated Attack and Defense

Who Should Take this Course

  • Defenders
  • Penetration Testers
  • Beginners to Offense
  • Wanting to learn coding
  • Hunt Teams
  • Anyone looking to strengthen their offensive and detection capabilities.

Student Requirements

Students should have an understanding of basic Linux commands and be able to navigate through Linux.

What Students Should Bring

Students must have a laptop with VMWare/Fusion or similar (VirtualBox is not recommended) and ability to run multiple VMs.

What Students Will Be Provided With

  • A penetration testing distribution will be provided to you (through PenTesters Framework) and other virtual machines. Additionally a fully simulated network will also be provided for the course.
  • Free scripts, tools, and custom code to help defend and understand offense. All presentation slides and a course handout with all of the commands.


David Kennedy is founder of TrustedSec, Binary Defense Systems and DerbyCon. TrustedSec and Binary Defense is focused on the betterment of the security industry from an offense and a defensive perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), Artillery, Unicorn, PenTesters Framework (PTF), and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David has also helped on the Mr. Robot TV show on hacker techniques. David is the co-host of the social-engineer podcast and on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. David is one of the founding authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.