ＨｉｄｅＺｅｒｏＯｎｅ

Automation is necessary to be efficient and successful in security for both offensive and defensive teams. Furthermore, with the rapid pace of migration to cloud infrastructure, the need to interact with infrastructure through automation is more important than ever. PowerShell is the language and shell that drives automation across the Windows and Azure ecosystem. Sitting on top of the massive .NET class library, there is very little that can not be done in PowerShell. Today, PowerShell is relied upon by red teams, threat hunters, incident responders, penetration testers, criminals, and nation-state adversaries alike. Before robust detection capabilities were widely deployed, PowerShell was also the tool of choice for attackers to evade detection. Between the modern security features offered and the fact that most AV/EDR solutions have a PowerShell prevention/detection component, it is imperative that both red teamers and blue teamers understand the defensive landscape when building and using tools within the language.

Upgrade your red team tradecraft with cutting-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist to simulate advanced adversaries. Participants will use the skillsets taught in this course to go up against incident response in a complex lab environment designed to mimic an enterprise network. You’ll learn to adapt and overcome active response operations through collaborative feedback as the course progresses.

In Adversary Tactics: Tradecraft Analysis, we present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course culminates with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.

The Adversary Tactics: Mac Tradecraft course, hosted by SpecterOps, immerses participants in a modern macOS hybrid environment, closely resembling real-world red team exercises. This course is designed for experienced red team operators who want to enhance their skills in operating against macOS endpoints.

The Red Team Infra Dev [CRT-ID] lab offered by cyberwarfare.live is a practical, hands-on learning environment designed to provide real-world experience in developing OPSEC safe Red Team Infrastructure. In this lab, you will learn how to utilize legitimate cloud and on-premise services for both internal and external operations. You will also create your own re-director and payload server. The lab features a professional Red Team attack case study, providing you with the opportunity to apply the skills you’ve learned in a realistic scenario.

The Purple Team Analyst (CPTA V1) course offered by CyberWarFare Labs is an advanced cyber attack and detection learning platform. The course is designed to provide an in-depth understanding of various Web, Network, Host, and Active Directory-based attacks by various defensive solutions.