Course Summary
In SEC565, students will learn how to plan and execute end-to-end Red Teaming engagements that leverage adversary emulation, including the skills to organize a Red Team, consume threat intelligence to map against adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of the Red Team engagement, and ultimately improve the overall security posture of the organization. As part of the course, students will perform an adversary emulation against a target organization modeled on an enterprise environment, including Active Directory, intelligence-rich emails, file servers, and endpoints running Windows.
Building an adversary emulation plan using gathered threat intelligence
Creating a comprehensive attack infrastructure
Performing target reconnaissance
Gaining initial access
Network and Active Directory enumeration
Propagate throughout the network
Active Directory attacks
Bypassing common defense mechanisms
Collect and exfiltrate sensitive data
Producing an engagement report
Presenting Red Team actions to key personnel
Performing retesting and replaying of Red Team activities
Adversary Emulation Fundamentals
The candidate will have an understanding of common terminology, frameworks, and methodology associated with adversary emulation.
Attacking Active Directory
The candidate will have an understanding of Active Directory objects, the different authentication methods offered within an Active Directory environment, and the techniques used to attack those authentication methods.
Command and Control Infrastructure
The candidate will have an understanding of command-and-control deployments, uses, channels and tools including Empire and Cobalt Strike.
Creating the Attack Infrastructure
The candidate will have an understanding of how to create and manage an adversary infrastructure, including an adversary domain and DNS, and an understanding of redirection and pivoting.
Discovery and Enumeration
The candidate will have an understanding of how to perform network and Active Directory discovery and enumeration as well as how to acquire available credentials within the target environment.
Enumerating and Attacking Privileges
The candidate will understand how to determine privileges within the environment and how to escalate to the required privileges to achieve their objectives, including Linux attacks and performing privilege recon remotely.
Gaining Access
The candidate will have an understanding of how to perform reconnaissance on a target, how to create and test a malicious payload, and how to deliver the malicious payload, ensuring access to the target environment.
Leveraging the Domain
The candidate will have an understanding of how to move within the target environment in order to achieve the objectives of the engagement.
Persistence and Exfiltration
The candidate will have an understanding of different methods to gain persistence in an environment and how to exploit that persistence to complete the objectives of the engagement, including gaining access to a database, staging data for exfiltration, and emulating ransomware.
Red Team Engagement Planning and Reporting
The candidate will be able to plan an engagement, including tasks such as adversary profiling, scoping the engagement, and red team creation. The candidate will also be able to understand how to close the engagement, including data consolidation, revealing the red team's actions, producing an engagement report, and determining if retesting will be completed.