CYBER SECURITY CERTIFICATION
Advanced Red Team Operations Training Course
Registration is open for our next class
September 10 – 11, 2024
Advanced Red Team Operations
(Virtual over Zoom)
Course Length: 16 Hours (2 Days)
Format: Virtual
Tuition: $700 per person
Includes: 30-day access to Terraform labs, certificate of participation, and class recordings that never expire. Students will deploy the labs into their AWS accounts (each student is responsible for the compute costs associated with the lab environment).
Course Description:
The Advanced Red Team Operators course, an exclusive and dynamic, instructor-led training experience traditionally delivered over Zoom over two days, is tailored for professionals with a solid foundation in cybersecurity. This course takes participants through a high-fidelity target enterprise environment simulation that students host in their AWS accounts, where each student sets up their private lab for hands-on practice with the Cobalt Strike command and control (C2) framework.
This comprehensive course will deepen your understanding of defensive and offensive tooling. A proficient Red Team operator must know the indicators of compromise (IOCs) they create and the artifacts they leave behind. By the end of this course, you will have a thorough understanding of these concepts, making you well-prepared for any red team operation. At the end, students are challenged to apply everything they learn through a 2-stage “capstone”: an objectives-based lab, followed by a repeat of the same compromise against an industry-leading, fully updated Endpoint Detection and Response deployment in the target environment.
Day 1 – We first focus on configuring our C2 infrastructure and tools. The first day is an intense 8-hour session covering redirector configuration, design, and C2 channel optimization to prioritize operational security, stealth, and resiliency to attacks and investigators.
Day 2 – Students apply what they learned on day one by running a Red Team campaign against an Active Directory deployment featuring live PKI infrastructure, a database, a web application, and a Domain Controller, while gaining familiarity with Cobalt Strike's off-the-shelf capabilities and other open-source tooling.
Key Learning Objectives
- Configuring reverse proxy HTTP(S) command and control (C2) redirectors, from initial configuration to advanced operational security, to enable filtering of non-C2 traffic (e.g., from incident response and threat hunters, web-scraping bots, virus scanners, and malware sandboxes)
- Configuring content delivery network (CDN) HTTP(S) C2 redirectors using major cloud service providers like Google Cloud Platform (GCP), Amazon Web Services (AWS), and Azure Front Door
- Configuring traffic filtering features in CDN services like HTTP header-based filtering
- Configuring geo-filtering features in CDN services to block traffic originating from foreign states to reduce the risk of compromise of C2 infrastructure
- Configuring serverless function-based HTTP(S) C2 redirectors using AWS Lambda
- Configuring Cobalt Strike’s “Malleable Profiles” features to blend C2 traffic, evade endpoint detection and response (EDR) systems, and perform advanced adversary emulation
- Discovery tactics to identify vulnerabilities by “footprinting” network services and applications
- Performing privilege escalation by abusing dangerous privileges in the security context of a user session on Windows OS targets
- Introduction to process injection techniques
- Attacking Active Directory
Who Should Enroll:
This course is not just about theory but about practical application. It is designed for experienced cybersecurity practitioners ready to roll up their sleeves and immerse themselves in a realistic lab environment. Over two intensive days, you will use advanced concepts and tools such as reverse proxies and content distribution networks (i.e., Azure CDN, GCP, and serverless functions) configured for C2 traffic redirection and concealment of a C2 server via traffic filtering techniques, C2 implants (Cobalt Strike Beacon), and various C2 channels (HTTPS, SMB, and TCP). The students will use Terraform projects to deploy a pre-configured lab that comprises the target environment while manually configuring all aspects of the attacker’s infrastructure, closely mirroring real-world workflows.
Course Takeaways:
Enhance your tactical skills in advanced red team operations, learn to manage and deploy sophisticated C2 frameworks, and gain the confidence to perform complex cybersecurity attacks in a controlled, educational environment.
This course will equip you with cutting-edge techniques to stay ahead of cybersecurity threats and safeguard critical organizational assets.
Embark on this journey with White Knight Labs and transform into a skilled practitioner in offensive cybersecurity, equipped with the latest tools and techniques to excel in this ever-changing field.
RELEVANT
This Course is Hyper-Current
Changes are always made at the last minute to ensure that students receive the most up-to-date and relevant content possible. As a result, the syllabus is subject to change, and course content may be modified based on student skill level, course progression, and other factors.
Not Just Concepts
We get you into the trenches, putting you into real-world scenarios that may frustrate you as we challenge your skills and knowledge.
Not for Beginners
Students should have experience in cybersecurity fundamentals and an understanding of penetration testing and execution of red team operations.
Hands-On Lab Environment
Eight virtual machines using Ubuntu, Windows 10, Kali, and Windows Server 2019
To the Limits
This course is designed to challenge you, and you must be willing to face the difficulties we present and not give up.
Advanced Red Team Operations
Basic Overview
Students will learn to understand modern defenses, process injection variants, Cobalt Strike and attacking AV/EDR products.
The course includes topics such as defeating string detection, unhooking EDR products, along with AMSI and ETW bypass.
Take Your Skills to the Next Level
Challenge Yourself
Discover new heights and overcome personal barriers with White Knight Labs' groundbreaking training program, created to foster growth and unleash your capabilities.
Learn
Enhance your skillset through our expert-developed courses, focused on delivering the most pertinent and up-to-the-minute information in your field.
Achieve
Aim for the stars and experience the thrill of success with White Knight Labs’ extensive training program, enabling you to tackle challenges head-on and excel in your chosen profession.
Register Now
for the Next Session
You will receive additional details by email once you complete the registration.
September 10th and 11th, 2024
Class Times will be 8:30AM EST – 5:00PM EST
Additional Information
Contact us with Questions
If you have questions, let us know. If you’re unable to use the form, please give us a call at 877-864-4204.