Cyber Security Courses

  1. Home
  2. Cyber Security Courses
  3. Dragon-Net Red Team Exercise

Dragon-Net Red Team Exercise

Dragon-Net "Red Team Exercise" is an, expertly guided, hands-on experience conducting simulated real-world attacks against procedurally generated computer networks. During the mock exercise, Mossé Security instructors guide students towards their target, assisting them to employ concepts and strategies that advanced persistent threats (APTs) use to great effect.

The skills gained, and methodologies practiced during this exercise, can then be applied to attack any organization and provide decisive insight into their weaknesses, allowing for defences to be created to improve their resiliency to attackers.

How Does It Work?

Students connect to Mossé Security’s cloud environment and are provided RDP or SSH access into randomly selected workstations and servers located in edge network environments. From there, students will learn how to escalate privileges, move across computers, completely compromise the network(s), and compromise as many IT assets as possible.

Mossé Security will facilitate the workshop by teaching and providing expert guidance to the students as well as lending special assistance to the beginners. We will also deploy security monitoring software across the network(s) and inform students about forensics traces their attacks are generating so as to assist them improve the stealth of their tradecraft.

Overview

Workshop Outcome:

By attending this workshop, you will learn to:

  • Train your Red Team skills against a procedurally generated enterprise network(s)
  • Exploit Windows and Linux security vulnerabilities and steal credentials
  • Be confident traversing networks and compromising endpoints as you progress
  • Develop, improve and/or hone your offensive security capabilities
  • Test and invent new offensive tools

Workshop Format and Complexity

  • Basic Level: 5 to 10 machines
  • Moderate Level: 25 to 60 machines
  • Complex: +250 machines

Intended Audience

Penetration testers, Red Teamers, and security engineers. This course is also suitable for incident responders and forensics analysts looking to learn from attack techniques employed by adversaries.

Instructor(s):

This course is taught by experienced Mossé Security’s instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services for a multitude of industries that have involved complex and multi-faceted approaches. Our instructors each possess the right balance of corporate experience and are competently skilled in presenting and teaching to groups.

Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.

Course Outline

This workshop is a time-boxed event where the participants attempt to achieve the best results within a pre-set time limit.

Exploitation

  • Web and desktop application vulnerabilities
  • Weak files and objects permissions
  • Insecurely stored credentials
  • Insecurely configured user accounts
  • Weak passwords
  • UAC Bypasses

Execution

  • PowerShell
  • Command-line interface
  • Rundll32, regsvr32, and installUtil
  • Wscript.exe and cscript.exe
  • WMI
  • Scheduled tasks

Reconnaissance

  • Registry enumeration
  • Filesystem searching
  • DNS enumeration
  • Network sniffing
  • Active Directory enumeration
  • Keychain
  • File shares
  • Private keys

Lateral Movement

  • Credential dumping
  • Pass-the-hash
  • Pass-the ticket
  • Windows Access Tokens
  • Logon scripts
  • WMI
  • SMB
  • RDP
  • SSH
  • X11

Persistence

  • Writing custom backdoors and rootkits
  • Installing backdoors throughout the networks
  • Testing command and control channels

Anti-Forensics

  • Employing “Living of the Land” techniques
  • Utilising the operating system against itself

Enrolment & Fees

Fees

  • Fees are dependant on the size and complexity of the workshop on offer.

Terms and Conditions

  • Payment is made via Humanitix or by contacting us to receive an invoice.
  • Payment is required at the time of booking.
  • Cancellation notifications within 14 days of the course's start date are not eligible for refund.
  • Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.
  • Students are allowed 1 reschedule per class. Transfers received between 15 – 28 days prior to course commencement will be charged a $300 (incl GST) administrative fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Payment must be made in full prior to any rescheduling.
  • Student substitutions can be made in writing 48 hours prior to a class start.
  • If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited. Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.

Requirements

Technical Requirement

You will need to install a VPN software on your training laptop. This will allow you to access the training environment in the cloud.

On Windows, you will install OpenVPN. On OSX or Linux, it will be Tunnelblick.

MCSI will provide you a step-by-step guide to test your VPN connection ahead of the workshop.

Career Outcomes

Students will be able to use the lessons learned and the skills acquired from the workshop immediately upon returning to work at their own organizations.

Certification Detail

NOTIFY ME

Notify me when this course is offered next

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.