Advanced Threat Emulation: Red Teams

In this course, students will learn to build a Red Team, scope engagements, and execute successful threat emulation plans. They will conduct OSINT, deploy secure infrastructure, and identify key points to communicate to the Blue Team during debriefs.

Course Overview

1. Introduction
2. Course Material
3. Using Snaps Labs
1. Red Teaming vs Penetration Testing
2. How Threat Emulation Provides Value
3. Red, Blue, and the White Cell - Roles in Red Team Assessments
1. Identifying Client Objectives and Picking a Threat
2. Engagement Plan and Concept of Operations
3. The Resource Plan and How to Build Your Team
4. Doing the Thing: Operations and Mission Plans
1. Active vs Passive Recon
2. What Data Do We Need?
3. Intro to Social Engineering
4. Basics of OSINT
5. Updating our Campaign Plan with Collected Data
1. Simple Attack Infrastructure
2. Segmented Architectures
3. Leveraging Recon Data to Deploy Infrastructure
4. Deploying Secure Gateways
5. Platform-as-a-Service Redirectors
1. .NET Deep Dive
2. Outlook, SharePoint and Edge Devices
3. AMSI and Defender
4. EDR and SIEMS
1. Assumed Compromise vs Conducting Initial Exploitation
2. Types of Initial Compromise
3. Phishing Attacks and Credential Harvesting
4. Migrating from Initial Compromise Tools to Post-Exploitation
5. Host Enumeration
6. Network Enumeration
7. Updating Plans Based on Initial Access Outcomes
1. Divergence of Red Team and APT TTPs
2. Establishing Persistence
3. Local Privilege Escalation
4. Active Directory Exploitation
5. Data Exfiltration and Customer Concerns
6. Network Pivoting
7. Share Phishing
1. The Importance and Dangers of Cyber Effects
2. Indicators of Compromise and Tying Actions to the Funnel of Fidelity
3. How to Run a Debrief
4. Assessing Risk and How to Communicate It
5. Structuring a Report
6. Writing for the Audience: Board vs Technical

Key Takeaways

Tailor Threat Emulation to Customer Needs
Learn How to Plan a Red Team Campaign
Apply APT TTPs in a Real World Environment

Advanced Threat Emulation: Red Teams

Course Overview

Introduction

Overview of Red Teaming

Campaign Planning

Informing the Plan: Reconnaissance

Building Infrastructure

Enterprise Attack Surfaces

Deploying the Campaign: Initial Access

Executing the Campaign: Network Operations

Concluding the Campaign: Reporting and Debriefing

Key Takeaways

Interested in Taking This course?