Red Teaming "The Advanced User-Land Techniques" teaches user-land exploitation techniques designed to evade advanced enterprise security products and to make incident detection and response a real nightmare. Students practise Red Teaming against a network of hundreds of machines spanning multiple VLANs, properly defended by endpoint detection and response and defence-in-depth.
Among the many topics covered are:
Complete malware platform covering web, mobile, endpoint and network
Rapid deployment of command and control infrastructure in the cloud
Data exfiltration techniques for segmented enterprise networks
Operational security and tripwires to detect security investigations
Anti-forensics and anti-threat-hunting concepts and techniques
Total enterprise network compromise including SCADA and ERP
Theory makes up 40% of the course and practical exercises the remaining 60%. The last day of the course is a practical Red Team exercise in which students put the skills they have learnt into practice.
In this course, we teach attack techniques similar to those used by threat actors such as APT28, Project Sauron and DUBNIUM to compromise networks.
If you are a penetration tester, the knowledge imparted in this course will help you deliver long-term Red Team campaigns that simulate persistent attackers equipped with advanced user-land exploitation toolsets.
If you work in incident detection and response, this course will show you how adversaries defeat many enterprise security solutions and give you insight into what can be done to stop them. Throughout the course, we show students the forensic artefacts they generate on the network that could allow an incident response team to detect them.
Penetration testers, incident responders, security analysts, security engineers and heads of information security with a strong technical background are all welcome to attend this course.
This course is taught by experienced Mossé Security instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services to a multitude of industries, involving complex and multi-faceted engagements. Each instructor combines corporate experience with the skills needed to present to and teach groups.
Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching conveys their passion for computer security to every one of our students.
Module 1: Windows Memory Internals
Flow of CreateProcess
Portable Executable format
PEB and TEB memory structures
Key Windows APIs
Learning C for Windows internals programming
Module 2: Memory Manipulation Techniques
Modifying the PEB and TEB
DLL search order hijacking
DLL side loading
PowerShell memory-only techniques
Building Skeleton Keys
Attacking password managers
Module 4: Command & Control
Cloud command and control infrastructure
C&C via FTP, HTTP/S, SMTP, POP and DNS
C&C via popular websites and social media
Data exfiltration via removable media
Module 5: Operational Security
Hardening C&C infrastructure
Obfuscating binaries and shellcode
Adding decoys to mislead security analysts
Installing tripwires to detect security investigations
Module 6: Proxy Implants
Port forwarding with native Windows utilities
Building custom proxy protocols to evade detection
Encrypting data in transit and securing the implants
Module 7: Defence Evasion
Detecting execution in virtual machines
Bypassing application whitelisting
Writing your own password dumper
Building a remote plugin engine
Defeating digital forensic techniques
Module 8: Attacking The Enterprise
Accessing financial databases
Accessing HR portals
Accessing SCADA networks
Accessing critical file servers
Bypassing network segmentation
Bypassing two-factor authentication
Module 9: Attacking Smartphones
Building smartphone malware
Recording the camera
Recording the microphone
Stealing the contact list
Collecting text messages
Module 10: Red Team Exercise
On the last day of the course, students put the skills they have learnt into practice in a Red Team exercise against a network of hundreds of machines spanning multiple VLANs, properly defended by endpoint detection and response and defence-in-depth.
Payment methods are either booking online via Event Brite or contacting us for an invoice.
Payment is required at the time of booking.
Cancellations received 14 days or less prior to the course commencement date are not eligible for a refund.
Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.
Students are allowed 1 reschedule per class. Transfers received between 15 and 28 days prior to course commencement will be charged a $300 (incl. GST) administrative fee. The new session date must be given at the time of the reschedule notification, and rescheduled classes must be taken within 6 months of the original scheduled date.
Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification, and rescheduled classes must be taken within 6 months of the original scheduled date.
Payment must be made in full prior to any rescheduling.
Student substitutions can be made in writing 48 hours prior to a class start.
If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited.
Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.
We recommend that students have mastered the concepts and techniques covered in the previous level of the Red Team course series before attending this course.
Bring a laptop running Windows or a UNIX-like operating system (macOS or Linux) with an OpenVPN client installed (Tunnelblick on macOS) to connect to our training lab in the cloud.
Bring Your Hacking Toolset
For the Red Team exercise on day 5 of the course, we invite you to bring your own hacking tools and put them to the test against a hardened enterprise network defended by our instructors.