CYBER SECURITY CERTIFICATION

Advanced Red Team Operations Training Course

Advanced Red Team Operations Training

Registration is open for our next class

September 10 – 11, 2024

Advanced Red Team Operations

(Virtual over Zoom)

Course Length: 16 Hours (2 Days)

Format: Virtual

Tuition: $700 per person

Includes: 30-day access to Terraform labs, certificate of participation, and class recordings that never expire. Students will deploy the labs into their AWS accounts (each student is responsible for the compute costs associated with the lab environment)

Course Description:

The Advanced Red Team Operators course is an exclusive, dynamic, instructor-led training experience, traditionally delivered over Zoom across two days and tailored for professionals with a solid foundation in cybersecurity. This course takes participants through a high-fidelity simulation of a target enterprise environment that students host in their AWS accounts, where each student sets up their private lab for hands-on practice with the Cobalt Strike command and control (C2) framework.

This comprehensive course will deepen your understanding of defensive and offensive tooling. A proficient Red Team operator must know the indicators of compromise (IOCs) they create and the artifacts they leave behind. By the end of this course, you will have a thorough understanding of these concepts, making you well-prepared for any red team operation. At the end, students are challenged to apply everything they learn through a 2-stage “capstone” objectives-based assessment: an objectives-based lab, followed by repeating the same compromise against an industry-leading, fully updated Endpoint Detection and Response deployment in the target environment.

Day 1 – We first focus on configuring our C2 infrastructure and tools. The first day is an intense 8-hour session covering redirector configuration, design, and C2 channel optimization to prioritize operational security, stealth, and resiliency to attacks and investigators.

Day 2 – On day two, students apply what they learned on day one by running a Red Team campaign against an Active Directory deployment featuring live PKI infrastructure, a database, a web application, and a domain controller, while gaining familiarity with Cobalt Strike's off-the-shelf capabilities and other open-source tooling.

Key Learning Objectives

  • Configuring reverse proxy HTTP(S) command and control (C2) redirectors from initial configuration to advanced operational security to enable filtering of non-C2 traffic (e.g., from incident response and threat hunters, web-scraping bots, virus scanners, and malware sandboxes)
  • Configuring content delivery network (CDN) HTTP(S) C2 redirectors using major cloud service providers like Google Cloud Platform (GCP), Amazon Web Services (AWS), and Azure Front Door
  • Configuring traffic filtering features in CDN services like HTTP header-based filtering
  • Configuring geo-filtering features in CDN services to block traffic originating from foreign states to reduce the risk of compromise of C2 infrastructure
  • Configuring serverless function-based HTTP(S) C2 redirectors using AWS Lambda
  • Configuring Cobalt Strike’s “Malleable Profiles” features to blend C2 traffic, evade endpoint detection and response (EDR) systems, and perform advanced adversary emulation
  • Discovery tactics to identify vulnerabilities by “footprinting” network services and applications
  • Performing privilege escalation by abusing dangerous privileges in the security context of a user session on Windows OS targets
  • Introduction to process injection techniques
  • Attacking Active Directory

Who Should Enroll:

This course is not just about theory but about practical application. It is designed for experienced cybersecurity practitioners ready to roll up their sleeves and immerse themselves in a realistic lab environment. Over two intensive days, you will use advanced concepts and tools such as reverse proxies and content distribution networks (i.e., Azure CDN, GCP, and serverless functions) configured for C2 traffic redirection and concealment of a C2 server via traffic filtering techniques, C2 implants (Cobalt Strike Beacon), and various C2 channels (HTTPS, SMB, and TCP). The students will use Terraform projects to deploy a pre-configured lab that comprises the target environment while manually configuring all aspects of the attacker’s infrastructure, closely mirroring real-world workflows.

Course Takeaways:

Enhance your tactical skills in advanced red team operations, learn to manage and deploy sophisticated C2 frameworks, and gain the confidence to perform complex cybersecurity attacks in a controlled, educational environment.

This course will equip you with cutting-edge techniques to stay ahead of cybersecurity threats and safeguard critical organizational assets.

Embark on this journey with White Knight Labs and transform into a skilled practitioner in offensive cybersecurity, equipped with the latest tools and techniques to excel in this ever-changing field.

RELEVANT

This Course is Hyper-Current

Changes are always made at the last minute to ensure that students receive the most up-to-date and relevant content possible. As a result, the syllabus is subject to change, and course content may be modified based on student skill level, course progression, and other factors.

Not Just Concepts

We get you into the trenches, putting you into real-world scenarios that may frustrate you as we challenge your skills and knowledge.

Not for Beginners

Students should have experience in cybersecurity fundamentals and an understanding of penetration testing and execution of red team operations.

Hands-On Lab Environment

Eight virtual machines using Ubuntu, Windows 10, Kali, and Windows Server 2019

To the Limits

This course is designed to challenge you, and you must be willing to face the difficulties we present and not give up.

Live training provides students with interactive opportunities to master topics of interest

Advanced Red Team Operations

Basic Overview

Students will learn to understand modern defenses, process injection variants, Cobalt Strike and attacking AV/EDR products.

The course includes topics such as defeating string detection, unhooking EDR products, along with AMSI and ETW bypass. 

Take Your Skills to the Next Level

Challenge Yourself

Discover new heights and overcome personal barriers with a groundbreaking White Knight Labs training program, created to foster growth and unleash your capabilities.

Learn

Enhance your skillset through our expert-developed courses, focused on delivering the most pertinent and up-to-the-minute information in your field.

Achieve

Aim for the stars and experience the thrill of success with White Knight Labs’ extensive training program, enabling you to tackle challenges head-on and excel in your chosen profession.

Register Now for the Next Session

You will receive additional details by email once you complete the registration.

Secure Your Seat Right Now!

September 10th and 11th, 2024

Class times will be 8:30 AM EST – 5:00 PM EST

Additional Information


Contact us with Questions

If you have questions, let us know. If you’re unable to use the form, please give us a call at 877-864-4204.