Understanding the Advanced Red Team
Operations Certification
(ARTOC) - Live Training
The Advance Red Team Operations Certification (ARTOC) Live Traning is an advanced, instructor-led cybersecurity course designed for seasoned professionals. Over two intensive days, participants will dive deep into topics like Cobalt Strike, cloud-based C2 techniques, and process injection strategies in an immersive, AWS-hosted environment.
This course allows you to engage in real-time with expert instructors, ensuring that you gain practical experience in advanced offensive strategies while receiving personalized feedback.
November 7th & November 8th 2024
Achieving Success in the ARTOC Live Training
To earn the ARTOC certification through this live training, you will:
- Master Advanced Offensive Strategies: Gain hands-on experience in complex red team operations, including managing Cobalt Strike servers, redirectors, and C2 channels.
- Deploy Your Own Infrastructure: Use Terraform scripts to configure cloud infrastructure in AWS, Azure, and GCP, simulating real-world red team engagements.
- Complete a Simulated Attack Path: Engage in a high-fidelity, simulated attack path to breach and gain administrative control over the stigs-corp.local network.
- Test Against Next-Generation AV/EDR: After completing the initial attack, test your ability to evade next-generation AV/EDR in a controlled environment.
- Submit a Professional Report: After completing the labs, prepare and submit a comprehensive report demonstrating your findings, methodologies, and attack execution.
Real-Time Learning Format
- Two-Day Intensive Course: Participate in a live, 2-day instructor-led course with expert guidance through complex red team scenarios.
- Hands-On Lab Experience: Set up and deploy your own AWS, Azure, and GCP infrastructure to simulate real-world red team operations, with instructors providing live feedback.
- Interactive Support: Ask questions and receive real-time feedback, ensuring you understand each step of the process and can troubleshoot effectively.
What Is Included
When you enroll in the Advanced Red Team Operations Certification (ARTOC) – Live Training, you receive:
Live, Expert Instruction
Engage with expert instructors in real-time, enhancing your understanding and skills.
Dedicated Lab Environments
Use Terraform to create and manage your lab environments in AWS, with additional labs in Azure and GCP.
Unlimited Access to Terraform Labs
Access your labs during and after the course to practice indefinitely. Labs never expire, allowing you to refine your skills over time.
Attack Path Diagram
A visual guide to the attack paths you’ll encounter, helping you understand the complexity of the scenarios.
Live Domain Setup
Purchase live domains through Namecheap or Cloudflare to simulate realistic attack environments.
Course Materials
Receive comprehensive course materials, including code snippets, custom scripts, and a detailed lab manual.
Lifetime Access to Recordings
Access recordings of the live sessions anytime to revisit concepts and strategies.
Student Requirements
To enroll in the ARTOC Live Training, students should meet the following requirements:
Advanced Cybersecurity Knowledge
A strong understanding of offensive security operations, penetration testing, and red team methodologies.
Familiarity with C2 Frameworks
Experience working with Cobalt Strike or other C2 frameworks like Havoc is recommended.
Cloud Knowledge
Experience with cloud infrastructure management in AWS, with optional knowledge of Azure and GCP.
Azure Tenant & AWS Account
Access to an AWS account for lab deployment, with additional labs available in Azure and GCP.
Hardware Requirements
A laptop with at least 8GB of RAM and access to a stable internet connection.
Willingness to Learn
A strong motivation to engage with live, advanced-level materials and perform hands-on exercises in real time.
These requirements ensure participants are ready to make the most of the advanced training provided in this course.
Cost and Discounts
The Advanced Red Team Operations Certification (ARTOC) – Live Training is priced at $700. This fee includes live, instructor-led training, access to self-managed labs that never expire, comprehensive course materials, and one exam voucher.
Additional Costs
- Compute Costs: Students are responsible for the AWS compute costs associated with running their lab environment.
- Domain Purchases: Students will need to purchase live domains from Namecheap or Cloudflare for use in the labs.
Discounts Available
We offer a 20% discount to the following groups:
- Veterans and Active Military Personnel: Honoring those who have served or are currently serving.
- Students: Supporting the next generation of cybersecurity professionals.
- Educators: Recognizing the vital role of teachers in fostering cybersecurity knowledge.
- First Responders: Acknowledging the efforts of those who serve on the front lines in emergencies.
To take advantage of the discount, please email training-team@whiteknightlabs.com with proof of eligibility, and we’ll provide you with a custom discount code.
Register Now to take advantage of our special pricing and begin mastering advanced red team operations!
Who Should Take the ARTOC Live Training?
This live training course is ideal for:
- Red Team Operators: Seeking advanced, hands-on learning with real-time instructor feedback.
- Experienced Penetration Testers: Wanting to transition to high-level red team engagements and real-world simulations.
- Cloud Architects: Interested in mastering C2 frameworks and cloud-based red team strategies in AWS, Azure, and GCP.
- Cybersecurity Enthusiasts: Looking for a comprehensive, instructor-led course to deepen their knowledge in offensive cybersecurity techniques.
Course Content Overview
The ARTOC Live Training covers the following key areas:
- Cobalt Strike Setup: Learn to set up and configure Cobalt Strike or Havoc as your C2 server, simulating a real-world red team operation.
- Building and Managing Redirectors: Use cloud-based services like AWS Lambda, Azure CDN, and GCP CDN to manage redirectors and evade detection.
- Cloud-Based C2 Techniques: Deploy cloud infrastructure using Terraform to manage C2 channels and execute sophisticated attacks.
- Operational Tactics: Learn advanced tactics, from vulnerability identification to privilege escalation, and gain administrative domain control.
- Simulated Attack Path: Engage in a simulated attack against the stigs-corp.local network, gaining domain admin and testing against next-generation AV/EDR.
Dynamic Attack Paths and Labs
In the Advanced Red Team Operations Certification (ARTOC) – Live Training, you will engage in hands-on, instructor-led attack simulations. You’ll deploy your own Cobalt Strike or Havoc C2 server, protect it with various redirectors, and execute complex attack paths against a simulated corporate network, all in real-time with expert guidance.
Cobalt Strike Server Setup with Redirectors and CDNs
During the live training, you will work closely with instructors to configure and secure your Cobalt Strike or Havoc C2 server. The setup involves multiple layers of redirectors, CDNs, and serverless functions to mask the C2 infrastructure and evade detection. Your instructors will guide you through each step, ensuring you understand how to obfuscate your command and control communication.
Cobalt Strike Server Setup
- Cobalt Strike/Havoc C2 Server: The main command and control server where all red team activities will be orchestrated.
-
Redirectors: These intermediate servers forward traffic to the C2 server, making it more difficult for defenders to detect the true origin of the C2 communications.
- AWS Lambda Function
- Azure Function
- Traditional HTTP(S) redirectors
- CDNs (Content Delivery Networks): Use Azure CDN, AWS CloudFront, and GCP CDN to further mask your infrastructure by routing traffic through large, legitimate cloud service providers, adding another layer of obfuscation.
This live, instructor-guided session ensures that you not only deploy the infrastructure but also fully understand how each layer contributes to maintaining a stealthy C2 server in red team operations.
Stigs-Corp.local Network and Attack Paths
The second live-guided lab takes you through attacking the stigs-corp.local network. Your instructors will walk you through each stage of the attack, from initial access to privilege escalation. The objective is to navigate the attack paths, gain foothold in the network, and escalate privileges to obtain Domain Admin access.
Stigs-Corp.local Network Setup
- Application Server (DMZ): The initial entry point for your attack, located in the DMZ (Demilitarized Zone). You’ll learn how to use advanced tactics to breach this server by leveraging exposed services or vulnerabilities.
- SQL Server: After gaining initial access, you’ll move laterally within the network, compromising the SQL Server through advanced exploitation techniques.
- ADCS Server The Active Directory Certificate Services (ADCS) server offers additional opportunities for privilege escalation. Instructors will guide you through leveraging this server for further access and credential theft.
- Domain Controller: The final target, where you will use post-exploitation tactics to escalate privileges and gain Domain Admin access. This will be a critical learning point for understanding advanced red team objectives.
Under real-time guidance from your instructors, you’ll execute these attacks in a simulated, high-fidelity environment, applying the concepts learned throughout the course. After achieving Domain Admin privileges, you will also test these attack paths against a next-generation AV/EDR solution, simulating a real-world advanced persistent threat (APT) scenario.
Interactive, Real-Time Lab Experience
Unlike the on-demand version, the live training allows you to ask questions, get real-time feedback, and troubleshoot with the help of instructors. You’ll work through each lab in real-time, ensuring you fully grasp the advanced techniques and strategies used in red team operations.
Constantly Updated Labs
Our labs are continuously updated to reflect the latest attack vectors, security measures, and defense mechanisms. This ensures you’re always working with the most current techniques in offensive cybersecurity. By participating in the live training, you’ll have the advantage of learning the newest tactics in a dynamic, evolving environment.
Frequently Asked Questions (FAQs)
The live training course is conducted over two intensive days, with each day running from 8:30 AM to 5:00 PM EST.
Participants should have an advanced understanding of offensive security operations, familiarity with Cobalt Strike or other C2 frameworks, and experience managing cloud infrastructure in AWS. Knowledge of Azure and GCP is optional but recommended.
Yes, participants must have an AWS account for lab deployment. Additional labs in Azure and GCP are optional but require accounts in those platforms.
Yes, all participants will receive comprehensive course materials, including instructional videos, step-by-step lab walkthroughs, code snippets, and Terraform scripts for cloud infrastructure deployment.
Instructors will be available throughout the live training to provide real-time feedback, answer questions, and troubleshoot any issues you encounter during the labs.
Yes, you will have lifetime access to your labs. This means you can continue practicing and refining your skills without any time constraints.
The certification exam is a hands-on, practical test where you will be required to demonstrate your skills in a real-world cloud environment. The exam environment features similar attack paths but requires deeper thought and strategy to overcome new challenges.
Yes, an exam voucher is included with your course registration, allowing you to schedule your certification exam at your convenience.
No, the exam voucher does not expire, allowing you to take the exam at your convenience whenever you feel ready.
Register Now for the Next Live Training Session
Next session: November 7th & November 8th 2024
Class Times: 8:30 AM EST – 5:00 PM EST
Secure your seat now and receive additional details by email once you complete the registration.
