RED TEAM TRAINING COURSE – ADVANCED THREAT ACTOR SIMULATION (ATAS)

Our Red Team Training course aims to train an already inquisitive mind on how to operate and simulate real-world threat actors. The course is fast paced and highly intensive, teaching delegates an in-depth methodology and approach while operating as a professional Red Teamer. We not only show delegates how to perform advanced red team tactics, techniques and procedures (TTP’s) but further cover how to run a successful end-to-end engagement with a focus on operational security and risk.

Course Audience: Those already operating as Red Teamers
Course Length: Four Days
Location: Remote or Onsite

“The training team provided unprecedented access to lessons from the front line that cannot be extracted from books, blogs and training materials or other courses”
– Dan Stewart, Head of Testing at Quorum Cyber

What Is Included In Red Team Security Training?

The tactics and techniques taught in this course are constantly updated and adapted to keep up-to-date with the latest techniques used by known threat actors in the wild. The latest TTPs being used by real-world threat actors will be demonstrated on a practical level. This includes stealthily bypassing defensive security controls (Common EDR’s and next gen AV), which are typically operating within modern enterprise environments and the pitfalls and lessons learned through many engagements and built-up experience across our Red Team. The instructors will impart knowledge from the field including wins, losses, improvements, optimisations and most importantly operational security.

This red team training course includes both a theory element as well as hands on practical exercises, where the techniques learned can be practiced in a training lab environment specifically designed to replicate a typical corporate network. While the course focuses heavily on the latest offensive techniques used by a Red Team, it also covers common defensive techniques that are deployed by the blue team, such as host-based event logging and monitoring, strict egress filtering, application whitelisting and various other endpoint protections, such as EDR and next generation AV.

Key Takeaways

  • Perform a simulated phishing attack against a typical corporate environment with standard defences, such as EDR (Microsoft Defender and Kaspersky), mail filtering and AppLocker restrictions (use the knowledge you have gained through the course to obtain a foothold).
  • Perform situational awareness and lay persistence to secure your initial foothold. Users are simulated and may reboot their workstations from time to time to ensure they have the latest updates.
  • Perform reconnaissance against a multi-domain environment and attempt to enumerate Active Directory and find any vulnerabilities that may or may not exist within the environment, keeping OpSec in mind.
  • Attempt privilege escalation on-host and against the environment using your C2 framework of choice and aim to perform multi-layered network pivoting to access multiple targets in a highly monitored network.
  • Enumerate the target objective and attempt to compromise the critical system in scope for the Red Team. This will include multiple levels of privilege escalation and lateral movement in order to gain access to the objective system.
 

How Is The Red Team Training Conducted?

The training is conducted either remotely or onsite utilising cloud-based infrastructure to support the deployment of a complex and real-life lab. The course comprises a fast paced and comprehensive syllabus delivered by multiple instructors and supported by many labs that will build on each phase of a Red Team, from preparation to execution.

Each delegate will be presented with a copy of the training materials, lab guides and scripts. Should the training be remote the training will be conducted over Microsoft Teams while utilising Slack for comms, questions and chatting before during and after the training is finished.

Prerequisites

Remote pre-requisites differ for an onsite delivery as the labs and assault course can be brought with the team for onsite delivery.

Remote:
• Stable Internet Access
• Outbound SSH and RDP Access

Onsite:
Delegate laptops should have the ability to run two Virtual Machines, preferably on VMWare with permission to bridge the network interface to the Internet. These VMs will be provided prior to the course via a download link that we will supply.

All student must have administrative rights over the laptop in order to install any software that may be required and have webcams and audio dial in via MS Teams.

Laptop Hardware requirements:
• 8 GB RAM minimum
• 100 GB of available HDD space
• Internet connection with over 5Mb download speed

 

Frequently Asked Questions About Our Red Team Training

Can I contact the organiser before the start date to check I have all the prerequisites in place?
Yes of course, please direct all enquiries regarding the training via info@goipaula.com with a subject of ‘training’.

Will I get a PDF document with the slides and handouts for the course?
There is a watermarked PDF provided with every purchase of the course that will be e-delivered before starting the training. Each PDF handbook will be watermarked with the delegates full name and email address.

How do I access the labs for this course?
The labs for this course are all hosted online and will be accessible from any unfiltered internet connection. Each delegate will be provided their own virtual private servers (VPS) in the cloud to perform the exercises and corresponding final labs (1 x Windows and 1 x Linux).

Will the labs be online after the course has finished?
The labs will only be available for the duration of the course and then will be shutdown.

Can I use my own C2 framework for the labs?
This course is C2 framework agnostic and it’s possible to use any tools that you wish to undertake the challenges and exercises, however, if the C2 framework is not known to the trainers they may not be able to provide support for the labs. Most common frameworks used for this training is PoshC2, Cobalt Strike, Empire & Covenant.

What software do I need to go on this course?
Please see the prerequisites above for more information. For any additional enquiries please contact us via labs@nettitude.com with a subject of training.

Will I get a certificate for completion of this course?
LRQA Nettitude will send a digital certificate to all successful delegates that complete the training course.

Previous Delegate Testimonials:

“The training team provided unprecedented access to lessons from the front line that cannot be extracted from books, blogs and training materials or other courses”
– Dan Stewart – Head of Testing, Quorum Cyber

“Great course content delivered by extremely knowledgeable Red Teamers. The practical lab was a great environment where newly learned techniques can be applied”
– Sasha Raljic – Principal Security Consultant

“Offers excellent value for penetration testing consultants wanting to increase their knowledge and skill. It taught real-world effective simulated attack strategies, tools and techniques which I now use to conduct simulated attacks against our clients”
– Kai Stimpson – Principal Security Consultant”

Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.

Scroll to Top