ＨｉｄｅＺｅｒｏＯｎｅ

The Red Team & Operational Security course is designed to help the candidates build the capabilities to simulate a modern adversary. This course will take you through the different stages of an Attacker killchain. You will initially learn to build your own Attack Infrastructure Setup in AWS, Azure or GCP using various Open Source and Commercial Command & Control Systems. After configuring the C2, you will learn to hide your C2 with Domain fronting and Redirectors and modifying the C2 Artefacts such as hiding your stage artefacts and identifying Cloud based Sandboxes and learn to build different types of initial access implants in Word, Excel, HTA and MSI using Open Source Tools and building some part of the code in-house in order to avoid EDR and Network-based Detections.

After gaining the initial access, you will be given access to Active Directory Domain Enviornment Lab on the cloud where you will first execute your initial access implant and gain access to a host. From thereon, you will perform different types of local and Active Directory enumeration to further escalate your privileges to an Enterprise Administrator. These attacks will use but not limited to understanding the Active Directory environment, Kerberos, domain enumeration with open source tools, Brute Ratel post exploitation toolkit and LDAP Queries, exploiting domain service misconfigurations such as unconstrained and constrainged delegations, certificate abuse and more.

Dark Vortex: Red Team & Operational Security

SEC564 will provide students with the skills to plan and manage Red Team Exercises. Students will understand the tactics, techniques, and procedures (TTPs) used by the adversary to create an adversary emulation plan leveraging MITRE ATT&CK (Adversary Tactics, Techniques, and Common Knowledge). Students will emulate an adversary

Syllabus

 SEC564: Red Team Operations and Threat Emulation

So you popped a shell, now what? Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. In addition, students will learn several modern techniques to minimize opportunities for detection. This course goes beyond teaching popular tactics, techniques, and procedures. Instead, students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently. A review of each post-ex capability will include discussion on the OPSEC implications and publicly documented detection recommendations. Open-source SIEM rules from Sigma and Elastic will be used as a starting point for avoiding alert generation. No technique is undetectable; the key is understanding an environment’s detection capabilities and choosing the best course of action.

Antisyphon: Windows Post Exploitation w/ Kyle Avery

This is  a collection of Offensive Security’s curated cyber security learning paths These learning paths are designed to provide a comprehensive understanding of various cyber security domains, such as network penetration testing, web application security, wireless security, secure software development, and cloud security . Each learning path is tailored to suit the needs of cyber security enthusiasts, from beginners to advanced learners

The RTFM Video Library is an invaluable resource for serious Red Team members who find themselves on critical missions. Led by a seasoned Red Team operator, this high-quality video series delves into various aspects of offensive security, providing practical guidance and insights.

Syllabus

1: Infrastructure Setup
2: Initial Access
3: Situational Awareness
4: User Level Persistence
5: Escalation
6: Lateral Movement
7: Active Directory Enumeration
8: Domain Fortification
9: Hunting for User Workstations
10: Active Directory Forest Compromise
11: Secret Enclave Compromise
12: Pivoting through Tunnels

RTFM – Red Team Field Manual

Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents. An offense-in-depth approach may be applied to offensive practitioner’s looking for success against organizations well-versed in defending a large enterprise. Today’s organizations have assets in multiple geo regions, networks, cloud services, border hosts, and many of them are tied to the internal network in some way. This course aims to help offensive practitioners successfully exercise their client environments from a multi-faceted approach using the latest TTPs blended with esoteric practices to gain the upper hand on your assessments.

Antisyphon: Enterprise Attack Initial Access w/ Steve Borosh