Registration

Advanced Red Team Operations Course Overview

The Advanced Red Team Operators course is an advanced-to-expert level simulated lab environment hosted in Azure and AWS, designed for experienced students to gain practical experience in advanced red team operations using Cobalt Strike. Over the course of three days, students will learn how to build infrastructure to simulate a real-life red team operation using Cobalt Strike, a powerful tool for executing red team operations. The course includes topics such as redirectors, C2 channels, vulnerability identification, network enumeration, process injection, and privilege escalation. With Terraform scripts provided to set up the lab environment and a simulated real-life attack path to navigate, the Advanced Red Team Operators course is essential for experienced professionals seeking to hone their advanced red team operations skills using Cobalt Strike.

Who Should Attend?

This course is intended for advanced students with a strong understanding of the fundamentals of cybersecurity, experience with penetration testing, and experience in executing red team operations. It is designed for individuals who want to take their red team skills to the next level and challenge themselves with practical experience in advanced red team operations using Cobalt Strike. Current red team operators will thrive here and have the opportunity to expand their skill set and learn new techniques to stay ahead of the curve.

Key Learning Objectives

  • Learn how to set up and configure Cobalt Strike with Docker
  • Understand C2 channels and learn how to build HTTPS redirectors using Apache Mod-rewrite
  • Gain practical experience in Azure configurations and setup
  • Learn how to use AWS Lambda with Python
  • Utilize GCP and Azure CDNs for custom traffic redirection
  • Learn how to protect your infrastructure and team server
  • Develop expertise in process injection and payload development
  • Learn how to perform attack path enumeration and execution for red team operations

Prerequisite Knowledge

Students should have experience in advanced cybersecurity fundamentals and a strong understanding of penetration testing and execution of red team operations. However, this course is designed to challenge you across areas that you may not be comfortable with, and that is the point. A willingness to learn and not give up is essential. Students should also be familiar with Cobalt Strike and have a working knowledge of AWS and Azure cloud platforms, GCP, Docker, Apache web server configurations, HTTPS redirectors using Apache Mod-rewrite, shellcode development for bypassing AV/EDR, and advanced network design for red team operations. Comfort with Terraform is also expected for deploying necessary infrastructure.

Lab Environment

Students will be given multiple Terraform scripts to spin up their own lab environment in AWS/Azure that consists of the following:

  • Ubuntu Cobalt Strike Team Server
  • Ubuntu Cobalt Strike Redirector Server
  • Windows 10 Development Machine
  • Kali Linux
  • Windows Server 2019 (Domain Controller)
  • Windows Server 2019 (PKI Server)
  • Windows Server 2019 (Application Server)
  • Windows Server 2019 (SQL Server)

Hardware/Software Requirement

  • Students must have an active AWS admin account with programmatic access.
  • Students must have an active Azure admin account
  • Students must have a GCP admin account
  • Students must be able to run Terraform from their local laptops

Syllabus

Day 1

Introduction to the course and lab environment setup

Setting up Cobalt Strike with Docker

Understanding C2 channels and HTTPS redirectors using Apache Mod-rewrite

Building infrastructure in Azure and AWS to protect the Cobalt Strike team server

Utilizing AWS Lambda with Python for custom traffic redirection

Using GCP and Azure CDNs for custom traffic redirection

Day 2

Review of Day 1 and Q&A session

Protecting your infrastructure and team server

Process injection techniques and payload development for gaining a foothold on a simulated attack target

Hiding shellcode for bypassing AV/EDR

Footholds in 2023

Day 3

Review of Day 2 and Q&A session

Terraform setup and configuration for a simulated Active Directory environment in AWS

Breaching a simulated Active Directory environment and overcoming challenges using real-life examples from 2022 and 2023 engagements

Attack path enumeration and execution for red team operations

Note: The syllabus provided is intended to be a general outline of the course content and does not reflect the true nature of the course guide or starting and ending points. This course is hyper-current and changes are always made at the last minute to ensure that students receive the most up-to-date and relevant content possible. As a result, the syllabus is subject to change, and course content may be modified based on student skill level, course progression, and other factors.