Cyber Security Training

Offensive Development Training Course

Registration is open for our next class.  May 30 – 31, 2024

Offensive Development (Virtual over Zoom)

Course Length: 16 Hours (2 Days)

Format: Virtual

Tuition: $1,100 per person

Includes: 30 day access to Terraform labs, certificate of participation, and class recordings that never expire.

Course Description:  

White Knight Labs proudly presents “Offensive Development,” an intermediate-level course meticulously crafted for cybersecurity professionals. This program is not for beginners; it’s tailored for those looking to elevate their skills in the complex art of offensive cybersecurity. As the digital threat landscape continually evolves, so does our curriculum. This course is dynamically updated to incorporate new techniques and research findings, ensuring you’re always at the cutting edge of offensive development methodologies.

What You’ll Learn:

Day 1 – Understanding Modern Defenses: We begin by dissecting modern defense mechanisms, providing you with the latest insights and tools. You’ll gain hands-on experience with Terraform Labs in AWS environments, Portable Executable conversions, and various process injection strategies. Our evolving curriculum ensures the inclusion of the newest techniques and research in Windows API manipulation, shellcode storage, and dynamic resolution of hidden imports.

Day 2 – Advanced Offensive Techniques and Cobalt Strike: The second day is dedicated to advanced offensive techniques, with a special focus on the Cobalt Strike Command and Control (C2) Framework. You’ll delve into C2 profiles, defeating sandbox detection, identifying EDR’s active protections, and mastering DLL proxying. The course also includes an introduction to the Cobalt Strike C2 Framework, AMSI and ETW primer, and custom payload development strategies.

Who Should Enroll:

  • Penetration testers, red teamers, and blue teamers looking to advance their malware development skills.
  • Cybersecurity professionals aiming to understand and effectively deploy offensive security tools.
  • Security analysts and researchers interested in the development of offensive cybersecurity methodologies.

Course Takeaways:

  • A deep understanding of modern cybersecurity defenses and how to navigate them.
  • Skills in advanced offensive techniques and tool development.
  • Knowledge of the latest updates and techniques in offensive cybersecurity.
  • An introduction to the Cobalt Strike C2 Framework, highlighting its usage in offensive strategies.

Embark on this journey with White Knight Labs and transform into a skilled practitioner in offensive cybersecurity, equipped with the latest tools and techniques to excel in this ever-changing field.

Prerequisites:

To ensure a productive and engaging learning experience in our “Offensive Development” course, we have established a set of prerequisites for all participants. These prerequisites are designed to make sure that each student is adequately prepared for the advanced content and can fully benefit from the course material.

  • Programming Background: Participants must have a solid background in programming, specifically in C, C++, or C#. This foundational knowledge is crucial for understanding the complex code structures and techniques discussed in the course.
  • Understanding of C2 Frameworks: A clear understanding of how Command and Control (C2) frameworks operate is essential. This knowledge is fundamental in comprehending the operational aspects of offensive cybersecurity tools.
  • Basic Process Injection Techniques: Familiarity with basic process injection techniques is required. This includes an understanding of how these techniques are used to execute code in the context of another process.
  • Shellcode Usage: Proficiency in using shellcode is a must. Participants should understand how shellcode is crafted and deployed in offensive operations.
  • Experience in Payload Development: A background in developing payloads or creating initial footholds on target endpoints is crucial. This experience is necessary for comprehending the practical aspects of tool development and deployment in offensive cybersecurity.
  • Desire to Learn: A strong desire to learn and delve deeper into the subject matter is vital. This course is challenging and requires students to be motivated and willing to go the extra mile in their learning journey.
  • Aspiration to Bypass Security Measures: An enthusiasm for learning techniques to bypass Anti-Virus (AV) and Endpoint Detection and Response (EDR) systems is essential. This course focuses on overcoming modern security defenses, and a keen interest in this area is necessary for success.

Participants meeting these prerequisites will find themselves well-prepared to tackle the challenges and reap the full benefits of the “Offensive Development” course.

Course Syllabus:

  • Terraform Lab Deployment in students’ AWS environments.
  • Guacamole Walkthrough.
  • Portable Executable Primer.
  • Windows API Primer.
  • Converting PE Files to Shellcode (Donut, Windows-Only Tools).
  • Process Injection: CreateRemoteThread.
  • Shellcode Storage (text section).
  • Shellcode Storage (resources section).
  • Process Injection: Process Hollowing.
  • Process Injection: Early Bird.
  • Process Injection: MockingJay.
  • Windows API Direct Syscalls.
  • Windows API Indirect Syscalls.
  • Hiding Imports via Dynamic Resolution.
  • XOR Encrypting API Function Calls.
  • Introduction to Cobalt Strike.
  • Cobalt Strike C2 Deep Dive (Profiles and BOFs).
  • Defeating Sandbox Detection.
  • Identifying an EDR’s Active Protection.
  • DLL Proxying for Persistence.
  • API Unhooking.
  • AMSI Primer & AMSI Bypass.
  • ETW Primer & Process Injection: Caro-Kann.
  • Custom Reflective DLL Loaders.
  • App Domain Injection.
  • ClickOnce Payload Development.
    Final Challenges

What Students Will Be Provided With

For the duration of the course, students will be given access to a private, fully immersive cloud cyber range hosted in AWS. In addition to receiving course slides, students will receive hands-on training with commercial products, including the Cobalt Strike C2 platform. To keep this course industry-relevant and realistic, students will be developing bypasses for multiple EDR products.

Student Requirements

  • An AWS administrative account to execute Terraform scripts for lab setup.
  • A laptop with Terraform installed, to establish the labs.
  • A high-speed internet connection.
  • Access to a web browser.
  • Access to Discord for interaction with instructors.

Relevant

This Course is Hyper-Current

Changes are always made at the last minute to ensure that students receive the most up-to-date and relevant content possible. As a result, the syllabus is subject to change, and course content may be modified based on student skill level, course progression, and other factors.

 

Not Just Concepts

We get you into the trenches, putting you  into real world scenerios that may frustrate you as we challenge your skills and knowledge.

Hands On Lab Environemnt

Eight virtual machines using Ubuntu, Windows 10, Kali, and Windows Server 2019

Not for Beginners

Students should have experience in cybersecurity fundamentals and an understanding of penetration testing and execution of red team operations

To the Limits

This course is designed to challenge you and you must be willing to face the difficulties we present and not give up

Advanced Red Team Operators

Basic Overview

Students will learn to understand modern defenses, process injection variants, Cobalt Strike and attacking AV/EDR products.

The course includes topics such as defeating string detection, unhooking EDR products, along with AMSI and ETW bypass. 

Take Your Skills to the Next Level

Challenge Yourself

Discover new heights and overcome personal barriers with WhiteKnightLabs’ groundbreaking training program, created to foster growth and unleash your capabilities.

Learn

Enhance your skillset and deepen your understanding through our expert-developed courses, focused on delivering the most pertinent and up-to-the-minute information in your field.

Achieve

Aim for the stars and experience the thrill of success with WhiteKnightLabs’ extensive training program, enabling you to tackle challenges head-on and excel in your chosen profession.

Register Now for the Next Session

You will receive additional details by email once you complete the registration

Click the link to secure your seat right now!

May 30th and 31st, 2024

Class Times will be 8:30AM EST – 5:00PM EST

Need additional information?

7 + 10 =

Cyber Security Training represented by image of female hacker in front of computer screens.

Contact us with Questions

If you have questions let us know.  If you’re unable to use the form. please give us a call at 877-864-4204