
Advanced Threat Emulation: Red Teams

August 5, 2023, BlackHat USA

Details
Date: August 5, 2023
End: August 8, 2023
Location: BlackHat USA
Address: Virtual

About the event

Course Summary

Red teaming aims to stress an organization’s defensive posture and provides a snapshot of how it will perform against day-to-day threats. Modern enterprises leverage a Red Team exercise to identify areas of weakness within their organization. These types of exercises are only as good as the real-world threats they are designed to emulate. This is why careful planning is essential to any successful Red Team operation. This course will teach the process and methodology of planning and executing a Red Team engagement. Students will learn to ingest Open-Source Intelligence (OSINT) to replicate adversary Tactics, Techniques, and Procedures (TTPs) and provide effective feedback to Blue Teams.

Students will begin by analyzing a representative organization to identify core objectives for an engagement and negotiate Rules of Engagement (ROE). Next, they will construct tailored emulation plans to meet their customer objectives and build a secure cloud-based Red Team infrastructure for executing against the lab-hosted enterprise network. In addition to exploring TTPs most commonly employed by APTs, this course teaches the basics behind Red Team campaign planning, team coordination, and executing Command and Control (C2) implants utilized in coordinated multi-operator engagements.

Who Should Take This Course

This class is intended for offensive and defensive security professionals wanting to learn how to effectively emulate Advanced Persistent Threats (APTs) and conduct Red Team engagements against enterprise networks. Students are encouraged (but not required) to have experience in network defense, incident response, and/or offensive tools and techniques.

Course Schedule

Day 1:

  • Introduction to Red Teaming
  • Attack Frameworks and Methodologies
  • Windows Attack Surfaces
  • Overview of Post Exploitation Frameworks

Day 2:

  • Red Team Campaign Planning
  • Open Source Intelligence (OSINT) & Reconnaissance
  • Establishing and Building Secure Red Team Infrastructure

Day 3:

  • Initial Compromise and Access
  • Maintaining Access and Network Persistence
  • Host and Network Enumeration
  • Privilege Escalation Methods

Day 4:

  • Lateral Movements and Pivots
  • Indicators of Compromise (IOC)
  • Effective Defender Feedback
  • Report Generation

Course Objectives

  • Understand how to develop and execute Red Team campaign plans
  • Build secure Red Team infrastructure
  • Understand how to exploit Windows attack surfaces
  • Learn to conduct Open-Source Intelligence (OSINT) and reconnaissance on a target
  • Learn how to perform an initial compromise of enterprise networks
  • Learn how to execute Host and Network Enumeration
  • Understand various persistence techniques used by attackers
  • Learn how to leverage and exploit system misconfigurations
  • Understand how to leverage built-in system tools for lateral network communication
  • Determine the network and host-based Indicators of Compromise (IOC)
  • Effectively communicate assessment feedback to defenders

Student Requirements

  • Basic understanding of Offensive Security Tools
  • Familiarity with C2 Frameworks
  • Willingness to learn in a fast-paced environment

Hardware Requirements

  • Laptop with 8GB of RAM
  • Virtualization Software (VMware, VirtualBox, etc.)
  • Up-to-date Kali Linux Virtual Machine
  • Modern Web Browser (Chrome, Firefox, etc.)
  • Microsoft Office (any version) or OpenOffice

What Students Will Be Provided With

  • 30-day lab access to our comprehensive course range
  • A copy of all course material
  • Course Swag & Coin