Advanced Red teaming: weaponization & adversary Simulation

This course focuses on developing cyber weapons that can evade AV detection, EDR logs, and forensics traces, exactly like APT attacks. It will provide you with insights into improving your organization's overall detections and security posture.

Custom Engagement

Reserve your seat now and cancel for any reason for a 100% refund.*

Schedule:


August 22th, 23th, 24th, and 25th 11:00 AM – 06:00 PM UTC Timezone (4 days).

Syllabus


 

Day 1

  • APT Attacks & Red Team Infrastructure on AWS
    • What is an APT Attack?
    • ​What are the Attack Stages? And what's MITER ATTACK?
    • APT attack lifecycle
    • ​Examples of real-world APT attacks
    • Deep dive into the attackers' tactics, techniques, and procedures (TTP) Using Threat Intelligence
    • Understand the attackers' malware arsenal
    • ​Setting Up Your Infrastructure in the cloud
    • ​Setting up your account in AWS & Terraform
    • ​Build your network and Caldera VM in the cloud
    • ​Create Redirectors to obfuscate your C&C IP
  • Phishing & Social Engineering Mastery
    • Create a Phishing Platform using GoPhish & EmailGun
    • Create Your Phishing Pages using EvilGinx 2
    • Build Your Phishing plan using OSINT
    • ​Build your phishing emails templates
    • ​Bypass 2-Factor Authentication using EvilGinx 2
  • Initial Access: Get your foot into the organization network
    • Spearphishing with a malicious document
    • Spearphishing with link
    • Spearphishing using social media
    • Advanced Execution Techniques: LNK Files
    • ​Advanced Execution Techniques: COM Objects
    • Write your first spear-phishing attack with a malicious document (Hands-on)

Day 2

  • Write Your First HTTP Malware
    • Build a Vulnerable organization in AWS
    • Connect to Caldera C2 using HTTP
    • Implement Base64 encoding in your malware
    • Implement JSON parsing in your malware
    • ​Send victim machine information to your C&C
    • ​Receive and execute commands from Caldera
    • ​Automate command execution across multiple victims
  • Malware Plugin Framework Implementation
    • Add a framework for plugins with additional features
    • Add a keylogger plugin to log keystrokes and steal credentials.
    • Add commands for Caldera to download the keylogger logs
  • Maintaining Persistence In-Depth (Advanced Techniques)
    • Maintain Persistence in the victim machine
    • Advanced Persistence methods
    • Disguise the malware inside a legitimate process
    • Persistence through DLL Injection
  • Privilege Escalation Techniques
    • UAC bypass techniques
    • ​Advanced UAC bypass techniques: Abusing Application Shimming
    • Abuse services for privilege escalation
    • Escalate to the SYSTEM account.

Day 3

  • Defense Evasion: Malware Obfuscation
    • Malicious Documents: VBA Stomping
    • Strings Encryption
    • ​Dynamic API Loading
    • ​Hidden In Plain Sight: Malware Steganography
  • Defense Evasion: Network Obfuscation
    • Network Data Encryption
    • Hidden In Plain Sight 01: HTML Smuggling
    • ​Hidden In Plain Sight 02: Steganography
    • ​HTTPS Communication
    • ​Using legitimate websites for communications
    • DNS Flux and DNS over HTTPS
    • Other Protocols & Channels (ICMP, DNS)
  • Defense Evasion: Bypass EDRs & Behavioral-Based Detection
    • Process Injection & DLL Injection
    • Sysmon & ​EDR Bypass Techniques
    • Unhook EDR APIs
    • ​Invisible Process Injection Without Alerting EDRs
    • ​AppLocker And Application Whitelisting bypass Techniques

Day 4

  • Impersonating Users: Credential Theft & Token Impersonalization
    • Credential Theft using lsass memory dump
    • Bypass lsass protection
    • Token Impersonation & Logon Types Overview
    • Token Impersonation implementation in your malware
    • ​Steal Remote Desktop Sessions
    • ​Lateral movement using Caldera and your agent
  • Lateral Movements
    • NTLM Attacks: Pass The Hash
    • ​Kerberos Attacks: Pass The Ticket
    • Kerberos Attacks: Overpass The Hash
    • Silver & Golden Tickets
    • Lateral movement using Scheduled tasks
    • ​Lateral movement using Remote COM Objects
    • ​Lateral movement using WMIC & Powershell Remoting

Description:


Advanced Red Teaming: Weaponization & Adversary Simulation is a hands-on offensive training that focuses on helping organizations battle against targeted attacks by simulating their adversaries and putting your defenses and your blue team at the test.

This training focuses on developing cyber weapons that can evade AV detection, EDR logs, and forensics traces like how advanced targeted attacks do and provide you with insights into improving your organization's overall detections and security posture.

WHO IS THIS TRAINING FOR?


This training is for:

  • Cyber Security Professionals
  • Penetration Testers
  • Purple Teamers & Threat Hunters
  • Incident Handlers
  • ​SOC Analysts

Who want to expand their skills in threat hunting, understand how real-world attacks look like and better protect their organizations against APT Attacks, Targeted Ransomware attacks, and Fileless attacks.

Pre-requisites


  • Good IT administration background in Windows mainly (Linux is preferred)
  • Good cybersecurity background
  • Good programming skills in C++

Course Author


Amr is a vulnerability researcher at Tenable and a former malware researcher at Symantec. He is the author of Mastering Malware Analysis, published by Packt Publishing. He had worked on analyzing multiple nation-state-sponsored attacks, including the NSA malware families (Stuxnet & Regin), North Korea (Contopee), and many other highly advanced attacks.

Amr has spoken at top security conferences worldwide, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.

Training Highlights


Cyberattacks are undoubtedly rising, targeting government, military, public, and private sectors. These cyber-attacks target individuals or organizations to extract valuable information, gain money through a ransom or damage their reputation. 43% of cyber attacks these organizations are facing are Advanced Malware, APT Attacks, or zero-day attacks.


With adversaries getting sophisticated, the best way to test enterprise security operations & defenses against them is through simulating their attacks, leveraging the same tactics, techniques, and procedures (TTP).


This intensive live training will take you on a journey into the attacker mindset. We will be covering how real APT Attacks ransomware attacks attack and bypasses the organization's defenses and detection systems. We will detect, investigate and hunt these attacks through live and digital forensic artifacts. You will as well build a threat hunting process to detect these attacks later on and proactively protect your organization against current threats.

System Requirements


  • Laptop with minimum 8GB RAM and 60GB free hard disk space.
  • ​You can use VirtualBox or other virtualization software. However, the training will be delivered based on VMware Workstation (you can use the trial version). 
  • ​Delegates must have full administrator access for the Windows operating system installed inside the VMware Workstation/Fusion.
  • ​Delegates have Microsoft Visual Studio or GNU C++ Compiler installed on their machine and their preferred Code Editor (Visual Studio or VS Code are preferred)
Note: VMware player is not suitable for this training.

Group Discounts:


  • A discount of $150 per training applies to organizations registering 2-4 seats.
  • A discount of $200 per training applies to organizations registering 5 or more seats.

Cancellation Policy:


Full refunds will be provided up to 14 days before the course start date. Course changes are allowed up to 10 days before the event start (some restrictions will apply). Attendee changes can be accommodated up to 14 days prior to the event.

Note: In the event of a class cancellation CyberDefenders will endeavor to offer transfer to another training at no additional charge.