Course Details
Duration: 5 days (35 hours); instructor-led or remote online training
Audience
- Red Teamers
- Bug Bounty Hunters
- Security Analysts
- Vulnerability Assessors
- Penetration Testers
- IT Security Professionals
- Security Consultants
- Blue Team members, Defenders, and Forensic Analysts
- Anyone who wants to learn the Offensive side of Cyber Security
Prerequisites
- Cybertronium Certified Penetration Tester or another penetration testing certification
OR
- A thorough understanding of penetration tests and security assessments
- Networking basics
- Ability to navigate different operating systems such as Windows and Linux
- Prior knowledge of the OWASP Top 10
- Knowledge of Active Directory
Methodology
This program will be conducted with interactive lectures, PowerPoint presentations, discussion and practical exercises.
Course Objectives
- Understand the MITRE ATT&CK Framework, including the tactics, techniques, and procedures (TTPs) commonly used by threat actors, for use as a reference during red teaming.
- Understand the core concepts of adversary simulation, command & control, and how to plan an engagement.
- Learn about each stage of the attack lifecycle from initial compromise to full domain takeover, data hunting, and data exfiltration.
- Gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence gathering, design and automate the deployment of operational infrastructure, gain initial access, and perform post-exploitation and lateral movement.
- Adopt the attacker mindset: think outside the box and devise new attack vectors and approaches.
- Enumerate the target objective and attempt to compromise the critical systems in scope for the red team. This includes multiple levels of privilege escalation and lateral movement to gain access to the objective system.
- Thoroughly understand and apply a variety of passive and active intelligence-gathering techniques
- Discover and leverage vulnerabilities to achieve system takeover and a simulated data breach
- Enter a target infrastructure using various covert and overt methods
- Test and evade a range of security control types
- Perform a comprehensive red team operation, from reconnaissance to establishing a foothold and maintaining a covert presence.
- Perform post-exploitation tasks such as host and network reconnaissance, pivoting into n-tiered networks, and establishing persistence.
- Perform Active Directory attacks such as Kerberoasting, AS-REP roasting, abuse of unconstrained delegation and exploitation of insecure ACLs, and move laterally across a Windows estate.
- Use MITRE ATT&CK tactics, techniques, and procedures (TTPs) to plan and execute a red team operation.
Outlines
Module 1: Introduction to Red Teaming and Understanding of Attack DNA
- Introduction to Red teaming
- Role of red team in organizational security programs
- Red team vs. blue team
- Red team assessment phases
- Red teaming methodology
- Planning red team operations
- Attack Lab Infrastructure
- Threat Intelligence: Frameworks, Platforms, and Feeds
- What is MITRE ATT&CK Framework?
- Tactics, Techniques and Procedures (TTPs)
- Indicators of Compromise (IoC) and Indicators of Attack (IoA)
- Mapping to ATT&CK from raw data: 2 hands-on labs on real-world attack logs
Module 2: Host Exploitation: Windows & Linux
- Host exploitation on Windows and Linux operating systems, following the red teaming steps below, with many scenario-based hands-on exercises:
- Reconnaissance (OSINT)
- Weaponization & Delivery
- Exploitation
- Establishing a backdoor and command and control (C&C) channel
- Installing multiple utilities
- Privilege escalation, lateral movement, and data exfiltration
- Maintaining persistence
- 35 hands-on exercises across the following 4 real-world scenarios, performed without automated exploitation tools:
- Microsoft Windows Server exploitation with persistence
- Web application and FTP exploitation together with Linux privilege escalation, brute force, hash cracking, shell injection, process snooping, C&C communication and more
- Content management system and LFI exploitation together with GTFOBins privilege escalation, network file share enumeration, C&C communication and more
- Jenkins open-source server exploitation together with Windows privilege escalation, network traffic pivoting, C&C communication and more
Module 3: Active Directory Exploitation
Most enterprise networks today are managed using Windows Active Directory, and identity-based exploitation is the low-hanging fruit attackers use to gain access to servers, move laterally and exfiltrate data from critical systems, as seen in many high-profile incidents in ASEAN such as SingHealth. This module simulates a real-world attack starting from a non-admin user account in the domain and shows how attackers work their way up to Enterprise Admin. The focus is on exploiting the variety of overlooked domain features, not just software vulnerabilities, and on demonstrating that a single machine compromise in an AD environment can be enough for an entire organisational compromise.
The following 9 hands-on labs cover AD enumeration, trust mapping, domain privilege escalation, domain persistence, Kerberos-based attacks (Golden Ticket), ACL issues, SQL Server trusts, and defenses and their bypasses:
- LLMNR Poisoning
- SMB Relay with interactive shell
- Gaining Shell
- IPv6 Attacks
- Pass the Hash / Pass the Password
- Token Impersonation
- Kerberoasting attack
- Golden Ticket Attack
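The following Python script is an added example written for this page (not Cybertronium lab material) that ties the Module 1 lab on mapping raw logs to ATT&CK to the Kerberoasting attack listed above. It reads Kerberos service-ticket request events (Windows Security Event ID 4769), flags the classic Kerberoasting pattern (one account requesting RC4-HMAC tickets, encryption type 0x17, for several distinct service accounts within a short window) and labels the finding with ATT&CK technique T1558.003. The key=value log format, its field names, the account names and the thresholds are all assumptions constructed for the example.

```python
"""Map raw Windows Security events to a MITRE ATT&CK technique.

Added example for this page, not Cybertronium lab material. It reads
Kerberos service-ticket request events (Event ID 4769), flags the classic
Kerberoasting pattern (one account requesting RC4-HMAC tickets for several
distinct service accounts within a short window) and labels the finding
with ATT&CK technique T1558.003. The log format and its field names are a
simplified key=value rendering assumed for this example.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

ATTACK_KERBEROASTING = "T1558.003"   # Steal or Forge Kerberos Tickets: Kerberoasting
RC4_HMAC = 0x17                      # TicketEncryptionType requested by classic Kerberoasting tools
WINDOW = timedelta(minutes=5)        # tunable: how close together the requests must be
MIN_DISTINCT_SERVICES = 4            # tunable: distinct service accounts before alerting

# Constructed sample log (not from a real system). jdoe behaves normally;
# svc-backup requests RC4 tickets for five services, one of them a machine account.
SAMPLE_LOG = """\
ts=2024-03-01T09:00:01 event=4769 account=jdoe@CORP.LOCAL service=svc_sql enc=0x12 ip=10.0.0.5
ts=2024-03-01T09:00:02 event=4769 account=jdoe@CORP.LOCAL service=svc_legacy enc=0x17 ip=10.0.0.5
ts=2024-03-01T09:05:00 event=4769 account=svc-backup@CORP.LOCAL service=svc_sql enc=0x17 ip=10.0.0.99
ts=2024-03-01T09:05:01 event=4769 account=svc-backup@CORP.LOCAL service=svc_web enc=0x17 ip=10.0.0.99
ts=2024-03-01T09:05:01 event=4769 account=svc-backup@CORP.LOCAL service=DC01$ enc=0x17 ip=10.0.0.99
ts=2024-03-01T09:05:02 event=4769 account=svc-backup@CORP.LOCAL service=svc_fs enc=0x17 ip=10.0.0.99
ts=2024-03-01T09:05:02 event=4769 account=svc-backup@CORP.LOCAL service=svc_sql2 enc=0x17 ip=10.0.0.99
ts=2024-03-01T09:30:00 event=4624 account=jdoe@CORP.LOCAL logon_type=3 ip=10.0.0.5
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one key=value line into a dict; ts becomes a datetime, enc an int."""
    fields = dict(FIELD_RE.findall(line))
    if "event" not in fields:
        return None
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    fields["event"] = int(fields["event"])
    if "enc" in fields:
        fields["enc"] = int(fields["enc"], 16)
    return fields


def detect_kerberoasting(log_text, window=WINDOW, min_services=MIN_DISTINCT_SERVICES):
    """Return one finding per account that requested RC4 service tickets for at least
    min_services distinct non-machine service accounts within `window`."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]

    per_account = defaultdict(list)
    for e in events:
        if e["event"] != 4769 or e.get("enc") != RC4_HMAC:
            continue
        if e["service"].endswith("$"):
            # Machine accounts have long random passwords; not a Kerberoasting target.
            continue
        per_account[e["account"]].append(e)

    findings = []
    for account, evs in per_account.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):            # sliding window over sorted requests
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            services = {e["service"] for e in evs[start:end + 1]}
            if len(services) >= min_services:
                findings.append({
                    "technique": ATTACK_KERBEROASTING,
                    "account": account,
                    "source_ip": evs[end]["ip"],
                    "services": sorted(services),
                    "first_seen": evs[start]["ts"].isoformat(),
                    "last_seen": evs[end]["ts"].isoformat(),
                })
                break                          # one finding per account is enough
    return findings


if __name__ == "__main__":
    print(json.dumps(detect_kerberoasting(SAMPLE_LOG), indent=2))
```

Two caveats a practitioner should keep in mind when adapting this to real 4769 events: the Service Name field in the real event is the account that owns the SPN, not the SPN string itself, and a single RC4 request is not evidence on its own (legacy services and accounts without AES keys still use it), which is why the detector requires several distinct services in a short window. Tooling can also request AES-encrypted service tickets, so a filter on 0x17 alone will miss that variant; volume per account regardless of encryption type is the more robust signal.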