Advanced Red Teaming: Weaponization & Adversary Simulation

By Amr Thabet

Elevator Pitch

This is a live, instructor-led training that focuses on developing cyber weapons that evade AV detection, EDR logging, and forensic traces in the same way advanced targeted attacks do, and it provides you with insights on how to improve your organization's overall detection capability and security posture.

Description

Advanced Red Teaming: Weaponization & Adversary Simulation is a hands-on offensive training that helps organizations battle ever-growing targeted attacks and ransomware attacks by simulating their adversaries and putting their defenses and blue team to the test, in order to improve the organization's security posture.

This training focuses on developing cyber weapons that evade AV detection, EDR logging, and forensic traces in the same way advanced targeted attacks do, and it provides you with insights on how to improve your organization's overall detection capability and security posture.

What previous students said about this training:

"Outstanding training, worth its weight in gold. Content: Up-to-date and very very impressive. Delivery: Very well delivered, Amr put his heart and soul into it and was very helpful. Great human being. Much appreciated." by John Johnes

"This is one of the best trainings I've attended. I couldn't be happier with my decision to take this training." by Adebayo

LEARNING OBJECTIVES:

  • Simulate a real APT attack given its TTPs.
  • Build your own malware to test your defenses (or your clients' defenses) against completely new malware.
  • Build your own red team infrastructure in AWS and secure it from being detected or blocked by the company's security team.
  • Learn not just the techniques and how to use them, but how each technique works internally and how you can develop your own version of it.

PROGRAM OUTLINE

DAY 1

APT Attacks & Red Team Infrastructure on AWS

  • What is an APT attack?
  • What are the attack stages, and what is MITRE ATT&CK?
  • APT attack lifecycle
  • Examples of real-world APT attacks
  • Deep dive into the attackers' tactics, techniques, and procedures (TTPs) using threat intelligence
  • Understand the attackers' malware arsenal
  • Setting up your infrastructure in the cloud
  • Setting up your account in AWS & Terraform
  • Build your network and Caldera VM in the cloud
  • Create redirectors to obfuscate your C&C IP

Phishing & Social Engineering Mastery

  • Create a phishing platform using GoPhish & EmailGun
  • Create your phishing pages using EvilGinx 2
  • Build your phishing plan using OSINT
  • Build your phishing email templates
  • Bypass 2-factor authentication using EvilGinx 2

Initial Access: Get your foot into the organization network

  • Spearphishing with a malicious document
  • Spearphishing with link
  • Spearphishing using social media
  • Advanced execution techniques: LNK files
  • Advanced execution techniques: COM objects
  • Write your first spear-phishing attack with a malicious document (hands-on)

DAY 2

Write Your First HTTP Malware

  • Build a vulnerable organization in AWS
  • Connect to Caldera C2 using HTTP
  • Implement Base64 encoding in your malware
  • Implement JSON parsing in your malware
  • Send victim machine information to your C&C
  • Receive and execute commands from Caldera
  • Automate command execution across multiple victims

Maintaining Persistence In-Depth

  • Maintain Persistence in the victim machine
  • Advanced Persistence methods
  • Disguise the malware inside a legitimate process (Malware as a DLL)
  • Persistence through DLL Injection
  • Privilege Escalation Techniques
  • UAC bypass techniques
  • Advanced UAC bypass techniques: abusing application shimming
  • Abuse services for privilege escalation
  • Escalate to SYSTEM account.

Defense Evasion: Malware Obfuscation

  • Malicious documents: VBA stomping
  • Strings encryption
  • Dynamic API loading
  • Hidden in plain sight 01: HTML smuggling
  • Hidden in plain sight 02: steganography
  • Bypassing EDR through stealthy process injection

DAY 3

Defense Evasion: Network Obfuscation

  • Network data encryption
  • HTTPS communication
  • Using legitimate websites for communications
  • DNS flux and DNS over HTTPS
  • Other protocols & channels (ICMP, DNS)

Impersonating Users: Credential Theft & Token Impersonation

  • Credential theft using an LSASS memory dump
  • Bypass LSASS protection
  • Token impersonation & logon types overview
  • Token impersonation implementation in your malware
  • Steal Remote Desktop sessions

Lateral Movements

  • NTLM attacks: Pass the Hash
  • Kerberos attacks: Pass the Ticket
  • Kerberos attacks: Overpass the Hash
  • Silver & Golden Tickets
  • Lateral movement using scheduled tasks
  • Lateral movement using remote COM objects
  • Lateral movement using WMIC & PowerShell Remoting

Who Should Attend

This training is for security professionals who want to expand their skills in red teaming, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks, and fileless attacks. This includes:

  • Cyber security professionals
  • Penetration testers
  • Purple teamers & threat hunters
  • Incident handlers
  • SOC analysts

Materials Provided:

  • Training prerequisite & lab setup guide: a step-by-step guide for preparing your machine and your AWS account for the training (we will be using the AWS Free Tier options throughout the training, so there shouldn't be any extra payments)
  • All the slides and the labs (including the source code for the red team infrastructure in the cloud)

Delegate Requirements:

  • Good IT administration background, mainly in Windows (Linux is preferred as well)
  • Good cybersecurity background
  • Good programming skills in C++

DURATION:

3 Days

Notes

This training is fully up to date and advanced. I have delivered it live once last year and the feedback was impressive. I have added only 2 testimonials here, but if you want more testimonials from the students or a sample from the slides, let me know.

Currently, red teaming is a new and hot topic in the offensive market.