
Cyber Security Training
Offensive Development Training Course

Other Courses Just Teach Concepts
Our Offensive Development is the first course dedicated to building payloads that bypass modern AV/EDR products
Many other courses focus on concepts and discuss bypasses, but none of them take the student through building payloads from scratch and then bypassing EDR live.
This course starts with a brief introduction to Windows Internals and calling Windows API functions dynamically, and ends with students building payloads and bypassing modern defensive solutions.
Each student gets access to an isolated cyber range where they will develop their malware and deploy it with Cobalt Strike. That’s right, Cobalt Strike is built into the course.
During the course, you will learn how AV/EDR products work so that you can understand how brittle they truly are.
Topics that will be covered are: AMSI/ETW bypass, writing shellcode, writing BOFs, malleable C2 profiles, various process injection techniques, hiding strings and imports, and more.
This course isn’t just for red teamers: you will learn how to hunt for default Cobalt Strike usage, detect process injection by looking at memory permissions and strange parent/child relationships, and detect dynamic Windows API calls made via LoadLibrary/GetProcAddress.

Offensive Development Course
The total course duration is 2 days and consists of online interactive training sessions over Zoom. Registered students will receive an email invitation to the training.
Inside the cloud environment, the students will have access to a plethora of Windows machines with various EDR/AV products installed. The students will also have access to the Cobalt Strike C2 platform for the duration of training.
Strongly recommended: create an AWS account BEFORE the course begins
Training Course Details
Instructor Led Training Course
Course materials and lab environment are included in course fee
Course Overview
Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.
This course is designed to take you deep into defensive and offensive tooling – an apex attacker must know the indicators of compromise (IOCs) they’re creating and the artifacts they’re leaving behind.
Who should Attend?
Anybody that is deeply passionate about red teaming and has a strong desire to excel. This course is intended for intermediate students with a good understanding of the fundamentals of cybersecurity and penetration testing.
It is designed for individuals who want to take their skills to the next level and challenge themselves while gaining practical experience.
Prerequisite Knowledge
This is an intermediate level course – a background in C programming, Windows Internals, .NET programming, and how AV/EDR products work would be useful.
Lab Environment
Students will have access to their own contained lab environment within Snap Labs that consists of the following:
- Windows Server 2019 running Sophos Intercept X EDR
- Ubuntu Cobalt Strike Team Server
- Windows 10 Development Machine
- Kali Linux
- Admin Machine running Apache Guacamole
- Fully Patched Windows 10 Machine
Learning Objectives
- Learn the IOCs and artifacts of using off-the-shelf tooling. Without understanding the defender’s capabilities, an attacker brings little value to a red team engagement.
WKL Instructors
White Knight Labs is a Cyber Security Consultancy.
Our Co-Founders, Greg Hatcher and John Stigerwalt, are passionate experts who deliver significant technical expertise in world-class offensive cyber security engagements.
With experience working in major cybersecurity firms, government agencies, and testing Fortune 500 organizations, they are industry thought leaders that give back to the security community.
Criteria for Success
This course is designed to challenge you across areas that you may not be comfortable with, and that is the point.
A determination to learn and not give up is essential to your success.
Keeping the Course Relevant
This course is hyper-current and changes are made frequently to ensure that students receive the most up-to-date and relevant content possible. Changes reflect both industry trends and influence from our real world engagements.
As a result, the syllabus is subject to change, and course content may be modified based on student skill level, course progression, and other factors.
Syllabus
Day 1 – Understanding Modern Defenses
- Hiding from the Import Address Table (IAT)
- Dynamically Building Your Strings
- Defeating string detection via encryption
- Finding EDR’s DLL
- Unhooking EDR products
- .NET and Assembly.Load
- Obfuscating .NET assemblies and their IOCs
- AMSI bypass
- ETW bypass
Day 2 – Process Injection and Cobalt Strike
- Process Injection Variants
- Malleable C2 Profiles
- Beacon Object Files
- Cobalt Strike IOCs
- Attacking AV/EDR Products
- Dumping LSASS in 2022
- Making the final binary to bypass multiple EDR products
Relevant
This Course is Hyper-Current

Changes are always made at the last minute to ensure that students receive the most up-to-date and relevant content possible.

Not Just Concepts
We get you into the trenches, putting you into real-world scenarios that may frustrate you as we challenge your skills and knowledge.

Hands-On Lab Environment
Eight virtual machines using Ubuntu, Windows 10, Kali, and Windows Server 2019

Not for Beginners
Students should have experience in cybersecurity fundamentals and an understanding of penetration testing and execution of red team operations.

To the Limits
This course is designed to challenge you, and you must be willing to face the difficulties we present and not give up.

Advanced Red Team Operators
Basic Overview
Students will learn to understand modern defenses, process injection variants, Cobalt Strike and attacking AV/EDR products.
The course includes topics such as defeating string detection, unhooking EDR products, along with AMSI and ETW bypass.
Take Your Skills to the Next Level
Challenge Yourself
Discover new heights and overcome personal barriers with WhiteKnightLabs’ groundbreaking training program, created to foster growth and unleash your capabilities.
Learn
Enhance your skillset and deepen your understanding through our expert-developed courses, focused on delivering the most pertinent and up-to-the-minute information in your field.
Achieve
Aim for the stars and experience the thrill of success with WhiteKnightLabs’ extensive training program, enabling you to tackle challenges head-on and excel in your chosen profession.
Need additional information?

Contact us with Questions
If you have questions, let us know. If you’re unable to use the form, please give us a call at 877-864-4204.