Understanding the Advanced Red Team
Operations Certification
(ARTOC) - On-Demand
The Advance Red Team Operations Certification (ARTOC) On-Demand is an advanced, self-paced cybersecurity course designed for seasoned professionals. Participants will dive deep into topics like Cobalt Strike, Cobalt Strike, and process injection strategies in an immersive, AWS-hosted environment.
This course allows you to learn and practice advanced offensive strategies at your own pace, with continuous access to labs, class recordings, and instructional materials that never expire. Students will manage their own infrastructure, deploying labs into their AWS accounts, with additional optional labs in Azure and GCP.
Achieving Success in the ARTOC On-Demand
To earn the ARTOC certification through this on-demand training, you will:
- Master Advanced Offensive Strategies: Gain practical experience in complex red team operations, including managing Cobalt Strike servers, redirectors, and C2 channels.
- Deploy Your Own Infrastructure: Use Terraform scripts to configure cloud infrastructure in AWS, Azure, and GCP, simulating real-world red team engagements.
- Complete a Simulated Attack Path: Engage in a high-fidelity, simulated attack path to breach and gain administrative control over the stigs-corp.local network.
- Test Against Next-Generation AV/EDR: After completing the initial attack, test your ability to evade next-generation AV/EDR in a controlled environment.
- Submit a Professional Report: After completing the labs, prepare and submit a comprehensive report demonstrating your findings, methodologies, and attack execution.
Flexible Learning Format
- Self-Paced Learning: Take as long as you need to complete the course materials and labs. There are no deadlines.
- Hands-On Lab Experience: Set up and deploy your own AWS, Azure, and GCP infrastructure to simulate real-world red team operations.
- Unlimited Lab Access: Enjoy continuous access to your labs without expiration, allowing you to refine your skills indefinitely.
- Self-Directed Support: Use detailed documentation, video walkthroughs, and comprehensive materials to guide yourself through the labs.
What Is Included
When you enroll in the Advanced Red Team Operations Certification (ARTOC) – On-Demand, you receive:
Pre-Recorded Instruction
Access instructional videos created by expert red team operators, guiding you through each lab and attack scenario.
Detailed Lab Walkthroughs
Step-by-step guides to setting up your own infrastructure and executing complex red team attacks.
Unlimited Access to Terraform Labs
Deploy and manage your labs using Terraform in AWS, with optional labs in Azure and GCP.
Attack Path Diagram
A visual guide to the attack paths you’ll encounter, helping you understand the complexity of the scenarios.
Live Domain Setup
Purchase live domains through Namecheap or Cloudflare to simulate realistic attack environments.
Lifetime Lab Access
Unlimited access to your labs, allowing you to revisit them anytime and refine your skills.
Student Requirements
To enroll in the ARTOC On-Demand, students should meet the following requirements:
Advanced Cybersecurity Knowledge
A strong understanding of offensive security operations, penetration testing, and red team methodologies.
Familiarity with C2 Frameworks
Experience working with Cobalt Strike or other C2 frameworks like Havoc is recommended.
Cloud Knowledge
Experience with cloud infrastructure management in AWS, with optional knowledge of Azure and GCP.
Azure Tenant & AWS Account
Access to an AWS account for lab deployment, with additional labs available in Azure and GCP.
Hardware Requirements
A laptop with at least 8GB of RAM and access to a stable internet connection.
Willingness to Learn
A strong motivation to engage with self-directed, advanced-level materials and perform hands-on exercises.
These requirements ensure participants are ready to make the most of the advanced training provided in this course.
Cost and Discounts
The Advanced Red Team Operations Certification (ARTOC) – On-Demand is priced at $500. This fee includes access to expert-created instructional materials, unlimited access to self-managed labs, and one exam voucher.
Additional Costs
- Compute Costs: Students are responsible for the AWS compute costs associated with running their lab environment.
- Domain Purchases: Students will need to purchase live domains from Namecheap or Cloudflare for use in the labs.
Discounts Available
We offer a 20% discount to the following groups:
- Veterans and Active Military Personnel: Honoring those who have served or are currently serving.
- Students: Supporting the next generation of cybersecurity professionals.
- Educators: Recognizing the vital role of teachers in fostering cybersecurity knowledge.
- First Responders: Acknowledging the efforts of those who serve on the front lines in emergencies.
To take advantage of the discount, please email training-team@whiteknightlabs.com with proof of eligibility, and we’ll provide you with a custom discount code.
Register Now to take advantage of our special pricing and begin mastering advanced red team operations!
Who Should Take the ARTOC On-Demand?
This on-demand course is ideal for:
- Red Team Operators: Seeking advanced, self-paced learning to enhance their offensive security skills.
- Experienced Penetration Testers: Wanting to transition to high-level red team engagements and real-world simulations.
- Cloud Architects: Interested in mastering C2 frameworks and cloud-based red team strategies in AWS, Azure, and GCP.
- Cybersecurity Enthusiasts: Looking for a comprehensive, hands-on course to deepen their knowledge in offensive cybersecurity techniques.
Course Content Overview
The ARTOC On-Demand covers the following key areas:
- Cobalt Strike Setup: Learn to set up and configure Cobalt Strike or Havoc as your C2 server, simulating a real-world red team operation.
- Building and Managing Redirectors: Use cloud-based services like AWS Lambda, Azure CDN, and GCP CDN to manage redirectors and evade detection.
- Cloud-Based C2 Techniques: Deploy cloud infrastructure using Terraform to manage C2 channels and execute sophisticated attacks.
- Operational Tactics: Learn advanced tactics, from vulnerability identification to privilege escalation, and gain administrative domain control.
- Simulated Attack Path: Engage in a simulated attack against the stigs-corp.local network, gaining domain admin and testing against next-generation AV/EDR.
Dynamic Attack Paths and Labs
In the Advanced Red Team Operations Certification (ARTOC) – On-Demand, you will engage in sophisticated, real-world attack simulations that involve deploying your own Cobalt Strike or Havoc C2 server, protecting it with various redirectors, and attacking a simulated corporate network.
Cobalt Strike Server Setup with Redirectors and CDNs
The first diagram demonstrates the architecture for securing your Cobalt Strike or Havoc server. This setup uses multiple layers of redirectors, CDNs, and serverless functions to obfuscate the command and control (C2) communication and avoid detection.
Cobalt Strike Server Setup
- Cobalt Strike/Havoc C2 Server: The main command and control server where all red team activities will be orchestrated.
-
Redirectors: These intermediate servers forward traffic to the C2 server, making it more difficult for defenders to detect the true origin of the C2 communications.
- AWS Lambda Function
- Azure Function
- Traditional HTTP(S) redirectors
- CDNs (Content Delivery Networks): Use Azure CDN, AWS CloudFront, and GCP CDN to further mask your infrastructure by routing traffic through large, legitimate cloud service providers, adding another layer of obfuscation.
This layered defense is essential for ensuring your Cobalt Strike or Havoc C2 server remains operational during engagements while evading detection by defensive teams. Each layer serves to protect the core C2 server from exposure by adding complexity and redundancy to your infrastructure.
Stigs-Corp.local Network and Attack Paths
The second diagram showcases the stigs-corp.local network, which consists of four key servers that you’ll target during the lab exercises. Your objective is to navigate the attack paths, gain foothold in the network, and escalate privileges to obtain Domain Admin access.
Stigs-Corp.local Network Setup
- Application Server (DMZ): The entry point for your attack, located in the DMZ (Demilitarized Zone). You’ll use initial access tactics to breach this server, leveraging exposed services or vulnerabilities.
- SQL Server: Once inside the network, lateral movement allows you to compromise the SQL Server by exploiting misconfigurations or vulnerabilities.
- ADCS Server The Active Directory Certificate Services (ADCS) server provides additional attack vectors for privilege escalation. Compromising this server can facilitate access to sensitive data and assist in credential theft.
- Domain Controller: The final target of the attack, where you will use post-exploitation tactics to escalate privileges and obtain Domain Admin access.
Each server represents a different layer of the network’s defenses, and you will use various tools and tactics learned during the course to compromise these assets. After achieving Domain Admin privileges, you’ll be tasked with testing the same attack path against a next-generation AV/EDR solution, simulating a real-world advanced persistent threat (APT) scenario.
Constantly Updated Labs
Our labs are continuously updated to incorporate new vulnerabilities, attack vectors, and defense mechanisms. This ensures that the training you receive is relevant and reflects the latest developments in cybersecurity. Plus, with lifetime access to your labs, you can continue practicing and improving your skills without any time constraints.
Additional Benefits
We proudly offer free or discounted training for military personnel, veterans, students, teachers, and first responders. Contact us to learn more about how you can benefit from this support.
Challenge yourself and take your red team operations skills to the next level with our expert-created, self-paced training program. Learn, achieve, and excel in your cybersecurity career with White Knight Labs.
Frequently Asked Questions (FAQs)
The on-demand course is self-paced, allowing you to take as long as you need to complete the training. There are no deadlines, so you can learn at your own pace.
Participants should have an advanced understanding of offensive security operations, familiarity with Cobalt Strike or other C2 frameworks, and experience managing cloud infrastructure in AWS. Knowledge of Azure and GCP is optional but recommended.
Yes, participants must have an AWS account for lab deployment. Additional labs in Azure and GCP are optional but require accounts in those platforms.
Yes, all participants will receive comprehensive course materials, including instructional videos, step-by-step lab walkthroughs, code snippets, and Terraform scripts for cloud infrastructure deployment.
This on-demand training is self-paced, so you’ll be guided by pre-recorded video lessons and detailed documentation. You can also revisit the materials anytime if you need additional clarification or practice.
Yes, you will have lifetime access to your labs. This means you can continue practicing and refining your skills without any time constraints.
Labs are accessed through your own AWS environment, and they never expire, allowing continuous learning and practice. Additional labs in Azure and GCP are also available.
The certification exam is a hands-on, practical test where you will be required to demonstrate your skills in a real-world cloud environment. The exam environment features similar attack paths but requires deeper thought and strategy to overcome new challenges.
Yes, an exam voucher is included with your course registration, allowing you to schedule your certification exam at your convenience.
No, the exam voucher does not expire, allowing you to take the exam at your convenience whenever you feel ready.
Register Now for the On-Demand Training
Start at your own pace and take as long as you need to complete the course and labs. Secure your seat now and receive additional details by email once you complete the registration.
