ＨｉｄｅＺｅｒｏＯｎｅ

Automation is necessary to be efficient and successful in security for both offensive and defensive teams. Furthermore, with the rapid pace of migration to cloud infrastructure, the need to interact with infrastructure through automation is more important than ever. PowerShell is the language and shell that drives automation across the Windows and Azure ecosystem. Sitting on top of the massive .NET class library, there is very little that can not be done in PowerShell. Today, PowerShell is relied upon by red teams, threat hunters, incident responders, penetration testers, criminals, and nation-state adversaries alike. Before robust detection capabilities were widely deployed, PowerShell was also the tool of choice for attackers to evade detection. Between the modern security features offered and the fact that most AV/EDR solutions have a PowerShell prevention/detection component, it is imperative that both red teamers and blue teamers understand the defensive landscape when building and using tools within the language.

Upgrade your red team tradecraft with cutting-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist to simulate advanced adversaries. Participants will use the skillsets taught in this course to go up against incident response in a complex lab environment designed to mimic an enterprise network. You’ll learn to adapt and overcome active response operations through collaborative feedback as the course progresses.

In Adversary Tactics: Tradecraft Analysis, we present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course culminates with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.

The Adversary Tactics: Mac Tradecraft course, hosted by SpecterOps, immerses participants in a modern macOS hybrid environment, closely resembling real-world red team exercises. This course is designed for experienced red team operators who want to enhance their skills in operating against macOS endpoints.