Red Team Tactics: Tooling, Evasion & Strategy
Join us for our premiere Red Team training course. Modern day attackers are relentlessly developing new tradecraft and methodologies that allow them to successfully compromise hardened targets for a variety of motivations. While it may look easy from the outside, there are many latent steps that attackers take to ensure their success. Our job as red teamers is emulate this attack life cycle in an effort to identify and remedy these vulnerabilities.Red Team Tactics Syllabus
You’re going to learn methods to capture information about your target before even gaining access, writing custom malware to evade detection, use the latest application whitelisting bypasses to survive and compromise protected systems, develop strategies for persisting within the target environment, and accomplishing the goals of your assessment.
- Custom Tooling – All students will receive the custom scripts and tools used by Red Siege on red team assessments. We’re here to help provide students with the best training and capabilities, so we’re sharing our internally developed code which helps ensure we break into our customer’s networks and take what we want.
- Not Getting Caught – Everything you do leaves a footprint. By heavily focusing on blending in and minimizing our attack footprint, students will learn how to avoid detection. We cover many techniques not widely discussed, such as stripping out network, host, and in-memory indicators that get attackers caught. Students learn how to customize malware and C2 to avoid being detected, including environmental keying and numerous methods to bypass sandbox detection.
- Hands-on Phishing and Malware Development – Students will write small pieces of malware for phishing, as well as weaponizing application allowlisting bypasses to compromise the lab environment. We genuinely believe in the power of writing custom malware targeted to specific environments, and we want our students to have the capability to develop this for their own tests.
What we provide our students
Students will be provided with class materials and a virtual machine that will be used for the course.Get Started Now
Best part of the class for me was how applicable all the concepts you taught were. It’s directly usable information that I can take and use on engagements now.Beau, Senior Security Analyst
The course material was great! Hard to pick a favorite part of the class, because the material and lab were both solid.Bryce, Red Team Lead
It’s hard to understand and keep up with what’s new and out of date. The class really helped make sense of where things were vs. where they are now.Mike, Red Teamer
Initial Access Operations
One of the most critical aspects of any Red Team Assessment is obtaining initial access into your target’s environment. The ability to capture valid credentials or execute code within your target’s environment is the first step toward accomplishing the rest of your assessment goals.Initial Access Ops Syllabus
You will learn a variety of techniques used by attackers to phish companies and then write their own malware in a hands-on environment.
- Understanding Development Methodology – Nearly all of Initial Access Operations is designed to have you write your own malware, however if you don’t know how to start, how do you? This course is designed to walk you through the methodology that our team follows when we write our own malware for our assessments. This isn’t just you being given code and told to figure it out. You’ll understand how we approach accomplishing this task when starting from scratch.
- Code Injection Techniques – Not everyone knows how easy it is to inject code into your current process. What about placing your code into a malicious process? Even then, with Sysmon having an event dedicated to catching your CreateRemoteThread call, how can you bypass this? Initial Access Operations will show you how to answer all of these questions by performing a deep dive of the various techniques that allow you to perform code injection.
- Custom Malware – Our class, and the instructors, are here to give you the tools and access to resources which will enable you to take the techniques you’re learning about and applying it to writing your own custom malware. We’ll show how you can expand upon the code samples you’re provided and truly customize the code you write to work only where you want, when you want.
What we provide our students
Students will be provided with all course materials, access to a lab environment for all software development, and all attendees are given custom code samples/templates for use during the course and future research. Finally, all attendees are given access to a Slack environment which will allow all attendees to have direct access to the instructors even after the course has ended.Coming Soon
This course gets you up to speed quickly on the most common initial access attacks being used by attackers today. Just when you think you have a firm grasp on malware and phishing, Chris digs even deeper.Brandon, Red Team Lead
There is so much to learn packed into a 2 day course and yet I feel like I understood it all. Efficient and well layed out. Highly Recommend.Gregory, Senior Offensive Ops
Interested in the training options, including custom training? Contact us for details or questions.