The Windows Internals Red Team Operator [CWI-RTO] lab offered by cyberwarfare.live is a comprehensive, hands-on learning environment designed to provide real-world experience in Microsoft Windows Internals. In this lab, you will unveil common Win32/NT APIs used by malwares and understand how malwares abuse internals from a user-mode perspective. You will perform various challenges/exercises to learn Windows Internals. You will also learn different kernel data structures (EPROCES, ETHREAD, KPCR etc.) through Windbg.

ادامه مطلب

The Stealth Cyber Operator [CSCO] lab offered by cyberwarfare.live is a comprehensive, hands-on learning environment designed to provide real-world experience in stealth cyber operations. In this lab, you will learn how to develop trade-craft for offensive operations and abuse improperly placed and mis-configured security controls in infrastructure. You will also learn resource abuse using Windows APIs, C, C++ & Csharp. The lab focuses on utilizing trade-craft for Red Teaming in a hardened environment and leveraging endpoint security controls (AV, EDR) and much more.

ادامه مطلب

The Red Team Specialist [CRTS V1] lab offered by cyberwarfare.live is a comprehensive, hands-on learning environment designed to provide real-world experience in performing adversary simulations. In this lab, you will perform adversary simulations in an Electric PowerGrid Facility You will exploit AD Domain & Certificate Services, Exchange, SSO, MFA & VDI. The lab allows you to follow the Red Team Cycle in multi-segregated networks. Two unique paths are mapped with MITRE ATT&CK for Enterprise. The covered TTPs can be as-is implemented during a realistic engagement.

ادامه مطلب

Automation is necessary to be efficient and successful in security for both offensive and defensive teams. Furthermore, with the rapid pace of migration to cloud infrastructure, the need to interact with infrastructure through automation is more important than ever. PowerShell is the language and shell that drives automation across the Windows and Azure ecosystem. Sitting on top of the massive .NET class library, there is very little that can not be done in PowerShell. Today, PowerShell is relied upon by red teams, threat hunters, incident responders, penetration testers, criminals, and nation-state adversaries alike. Before robust detection capabilities were widely deployed, PowerShell was also the tool of choice for attackers to evade detection. Between the modern security features offered and the fact that most AV/EDR solutions have a PowerShell prevention/detection component, it is imperative that both red teamers and blue teamers understand the defensive landscape when building and using tools within the language.

ادامه مطلب

Upgrade your red team tradecraft with cutting-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist to simulate advanced adversaries. Participants will use the skillsets taught in this course to go up against incident response in a complex lab environment designed to mimic an enterprise network. You’ll learn to adapt and overcome active response operations through collaborative feedback as the course progresses.

ادامه مطلب

In Adversary Tactics: Tradecraft Analysis, we present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course culminates with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.

ادامه مطلب