Practical Red Teaming: Weaponization & Adversary Simulation is a hands-on offensive training that helps organizations battle ever-growing targeted attacks and ransomware attacks by simulating their adversaries, putting their defenses and their blue team to the test to improve the organization's security posture.
This training focuses on developing cyber weapons that evade AV detection, EDR logging and forensic traces, the way targeted ransomware attacks do, and provides insight into how to improve your organization's overall detection capability and security posture.
This training is for security professionals who want to expand their red teaming skills, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks and fileless attacks.
Simulate a real APT Attack given its TTPs and build their own malware to test their defenses (or clients' defenses) against completely new malware.
Build their own Red Team infrastructure and secure it from being detected or blocked by the company's security team.
Learn not just the techniques and how to use them, but how each technique works internally and how they can develop their own version of it.
What is an APT Attack?
What are the attack stages, and what is MITRE ATT&CK?
APT attack lifecycle
Examples of real-world APT attacks
Deep dive into the attackers' tactics, techniques, and procedures (TTPs) using threat intelligence
Understand the attackers' malware arsenal
Setting Up Your Infrastructure in the cloud
Setting up your account in AWS & Terraform
Build your network and Caldera VM in the cloud
Create Redirectors to obfuscate your C&C IP
Create a Phishing Platform using GoPhish
Create Your Phishing Pages using EvilGinx 2
Build Your Phishing plan using OSINT
Build your phishing emails templates
Bypass 2-Factor Authentication using EvilGinx 2
Spearphishing with malicious document (Hands-on)
Bypassing Microsoft Disabled Macros (Hands-on)
Spearphishing with link
Spearphishing using social media
Advanced Execution Techniques: LNK Files (Hands-on)
Advanced Execution Techniques: COM Objects
Bypassing Whitelisting: Abusing Microsoft Legitimate Applications
Build a Vulnerable organization in AWS
Connect to Caldera C2 using HTTP
Implement Base64 encoding in your malware
Implement JSON parsing in your malware
Send victim machine information to your C&C
Receive and execute commands from Caldera
Automate command execution across multiple victims
Maintain Persistence in the victim machine
Advanced Persistence methods
Disguise the malware inside a legitimate process (Malware-as-a-DLL)
Persistence through DLL Injection
UAC bypass techniques
Advanced UAC bypass techniques: Abusing Application Shimming
Abuse services for privilege escalation
Escalate to SYSTEM account
Strings Encryption
Advanced Encryption Techniques
Dynamic API Loading
Hidden In Plain Sight: Malware Steganography
Network Data Encryption
Hidden In Plain Sight 01: HTML Smuggling
Hidden In Plain Sight 02: Steganography
Using legitimate websites for communications
DNS Flux and DNS over HTTPS
Other Protocols & Channels (ICMP, DNS)
Process Injection & DLL Injection
Sysmon & EDR Bypass Techniques
Unhook EDR APIs
Invisible Process Injection Without Alerting EDRs
AppLocker And Application Whitelisting bypass Techniques
Sign your malware with a trusted certificate
Credential Theft using LSASS memory dump
Bypass LSASS protection
Token Impersonation & Logon Types Overview
Token Impersonation implementation in your malware
Steal Remote Desktop Sessions
Lateral movement using Caldera and your agent
Using WMIC & PowerShell to gather users and network information
Understand domain account permissions and access level
NTLM Attacks: Pass The Hash
Kerberos Attacks: Pass The Ticket
Kerberos Attacks: Overpass The Hash
Silver & Golden Tickets
Lateral movement using Remote COM Objects
Lateral movement using WMIC & PowerShell Remoting
Demonstrating AD attacks through a series of exercises in a simulated AD environment
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked at Fortune 500 companies including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences around the world, including Black Hat, DEF CON, Hack In Paris and the VB Conference. He was also featured in the Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals around the world build their expertise in malware analysis, threat hunting and red teaming, and, most importantly, protect their organizations' infrastructure from targeted attacks, ransomware attacks, and APT attacks.
Here is the list of upcoming trainings (virtual & in-person).
| Month | Training | Location | Dates |
|---|---|---|---|
| April 2022 | In-Depth Investigation & Threat Hunting | Virtual | April 25-28, 2022 |
| June 2022 | Hands-on Malware Analysis & Incident Response | Virtual | June 13-16, 2022 |
| Aug 2022 | Advanced Red Teaming: Weaponization & Adversary Simulation | Virtual | Aug 22-25, 2022 |
Are you looking for group training for your team? Reach out to us to discuss your specific requirements.
Check out our resources to see the quality and support you can expect from our Master's Program and our training programs, and why MalTrak students are in such high demand.
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
The top 4 reasons you are vulnerable to these attacks, and how to implement threat hunting today to become more resilient against them.
Three expert-crafted copy-paste cheat sheets, accompanied by hands-on training, to help you work like an expert in the field, analyze real cybersecurity attacks, and showcase your skills to land your first job in the field.
All you need is:
➡️ Good IT administration background, especially in Windows (Linux preferred)
➡️ Good cybersecurity & network protocols background
➡️ C++ programming background
Laptop with a minimum of 8GB RAM and 10-20 GB of free disk space (Windows preferred for C++ compilation)
It's a live 4-day training delivered either in person or virtually through Zoom.
In the case of a virtual event (through Zoom), you will have access to the recordings for one year after the training.
Protecting businesses against targeted attacks through AI-powered security intelligence and expert-led services.
Inniscarra, Main Street, Rathcoole
Dublin, D24 E029, Ireland
support@maltrak.com