Practical Red Teaming: Weaponization & Adversary Simulation

Live Instructor-Led Training (4 Days)

This is a live instructor-led training that focuses on developing cyber weapons that evade AV detection, EDR logging and forensic traces, the way advanced targeted attacks do, and provides insight into how to improve your organization's overall detection capability and security posture.

HANDS-ON TRAINING

Practical Red Teaming: Weaponization & Adversary Simulation is a hands-on offensive training that helps organizations battle ever-growing targeted attacks and ransomware attacks by simulating their adversaries and putting your defenses and your blue team to the test, in order to improve the organization's security posture.

This training focuses on developing cyber weapons that evade AV detection, EDR logging and forensic traces, the way targeted ransomware attacks do, and provides insight into how to improve your organization's overall detection capability and security posture.

WHO IS THIS TRAINING FOR?

This training is for security professionals who want to expand their red teaming skills, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks and fileless attacks.

Top Takeaways from this training

  • Simulate a real APT attack given its TTPs and build your own malware to test your defenses (or your clients' defenses) against completely new malware.

  • Build your own red team infrastructure and protect it from being detected or blocked by the company's security team.

  • Learn not just the techniques and how to use them, but how each technique works internally and how you can develop your own version of it.

WHAT'S IN THE TRAINING?

DAY #1

APT Attacks & Red Team Infrastructure on AWS

  • What is an APT Attack?

  • What are the attack stages, and what is MITRE ATT&CK?

  • APT attack lifecycle

  • Examples of real-world APT attacks

  • Deep dive into attackers' tactics, techniques, and procedures (TTPs) using threat intelligence

  • Understand the attackers' malware arsenal

  • Setting Up Your Infrastructure in the cloud

  • Setting up your account in AWS & Terraform

  • Build your network and Caldera VM in the cloud

  • Create Redirectors to obfuscate your C&C IP

Phishing & Social Engineering Mastery

  • Create a phishing platform using GoPhish

  • Create your phishing pages using EvilGinx 2

  • Build your phishing plan using OSINT

  • Build your phishing email templates

  • Bypass 2-factor authentication using EvilGinx 2

Initial Access: Get your foot into the organization network

  • Spearphishing with malicious document (Hands-on)

  • Bypassing Microsoft Disabled Macros (Hands-on)

  • Spearphishing with link

  • Spearphishing using social media

  • Advanced Execution Techniques: LNK Files (Hands-on)

  • Advanced Execution Techniques: COM Objects

  • Bypassing Whitelisting: Abusing Microsoft Legitimate Applications

DAY #2

Write Your First HTTP Malware

  • Build a vulnerable organization in AWS

  • Connect to Caldera C2 using HTTP

  • Implement Base64 encoding in your malware

  • Implement JSON parsing in your malware

  • Send victim machine information to your C&C

  • Receive and execute commands from Caldera

  • Automate command execution across multiple victims

Maintaining Persistence In-Depth (Advanced Techniques)

  • Maintain Persistence in the victim machine

  • Advanced Persistence methods

  • Disguise the malware inside a legitimate process (Malware-as-a-DLL)

  • Persistence through DLL Injection

Privilege Escalation Techniques

  • UAC bypass techniques

  • Advanced UAC bypass techniques: Abusing Application Shimming

  • Abuse services for privilege escalation

  • Escalate to SYSTEM account

DAY #3

Malware Obfuscation: Bypass File Signature Scanning

  • Strings Encryption

  • Advanced Encryption Techniques

  • Dynamic API Loading

  • Hidden In Plain Sight: Malware Steganography

Network Obfuscation: Bypass IDS, IPS, NDR, and Machine learning-based tools

  • Network Data Encryption

  • Hidden In Plain Sight 01: HTML Smuggling

  • Hidden In Plain Sight 02: Steganography

  • Using legitimate websites for communications

  • DNS Flux and DNS over HTTPS

  • Other Protocols & Channels (ICMP, DNS)

Bypass EDRs & Behavioral-Based Detection

  • Process Injection & DLL Injection

  • Sysmon & EDR Bypass Techniques

  • Unhook EDR APIs

  • Invisible Process Injection Without Alerting EDRs

  • AppLocker And Application Whitelisting bypass Techniques

  • Sign your malware with a trusted certificate

DAY #4

Impersonating Users: Credential Theft & Token Impersonation

  • Credential theft using LSASS memory dump

  • Bypass LSASS protection

  • Token Impersonation & Logon Types Overview

  • Token Impersonation implementation in your malware

  • Steal Remote Desktop Sessions

  • Lateral movement using Caldera and your agent

Hack the Domain Controller Through Lateral Movement

  • Using WMIC & PowerShell to gather user and network information

  • Understand domain account permissions and access level

  • NTLM Attacks: Pass The Hash

  • Kerberos Attacks: Pass The Ticket

  • Kerberos Attacks: Overpass The Hash

  • Silver & Golden Tickets

  • Lateral movement using Remote COM Objects

  • Lateral movement using WMIC & PowerShell Remoting

AD Attacks Lab Exercise

Demonstrating AD attacks through a series of exercises in a simulated AD environment

Amr Thabet


Amr Thabet is a malware researcher and incident handler with over 10 years of experience. He has worked at Fortune 500 companies including Symantec, Tenable, and others.

He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.

Amr is a speaker and trainer at some of the top security conferences around the world, including Black Hat, DEF CON, Hack In Paris and the VB Conference. He was also featured in The Christian Science Monitor for his work on Stuxnet.

His mission is to help security professionals around the world build their expertise in malware analysis, threat hunting and red teaming and, most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.

The strategies, skills, and tools required to simulate real targeted attacks and harden your organization's defenses and security teams

ALL OUR LIVE TRAINING SCHEDULE

Here is the list of upcoming trainings (virtual and in-person).

Month       Training                                                    Location   Dates
April 2022  In-Depth Investigation & Threat Hunting                     Virtual    April 25-28, 2022
June 2022   Hands-on Malware Analysis & Incident Response               Virtual    June 13-16, 2022
Aug 2022    Advanced Red Teaming: Weaponization & Adversary Simulation  Virtual    Aug 22-25, 2022

LOOKING FOR GROUP TRAINING?

Are you looking for group training for your team? To discuss your specific requirements, reach out to us here.

NOT READY YET?

You can check out our resources, which will show you exactly the quality and support you can expect from our Master's Program and our training programs, and see why MalTrak students are in such high demand.

Watch Our On-Demand Webinars

The Most Demanded Cybersecurity Skills in 2024

The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant

The Only Step-by-Step Guide You Need to Combat APT & Targeted Ransomware Attacks Using Threat hunting

The top 4 reasons you are vulnerable to these attacks, and how to implement threat hunting today to become more resilient against them.

Enroll In Our Entry-Level Courses

Shortcut Your Career To Cybersecurity Cheatsheets

These are 3 expert-crafted copy-paste cheatsheets, accompanied by hands-on training, to help you impersonate an expert in the field, analyze real cybersecurity attacks, and showcase your skills to land your first job in the field.

Get Our Book

WHAT ARE THE TRAINING PREREQUISITES?

All you need is:

  • Good IT administration background, especially in Windows (Linux background also preferred)

  • Good cybersecurity and network protocols background

  • C++ programming background

WHAT HARDWARE/SOFTWARE IS REQUIRED?

A laptop with at least 8 GB of RAM and 10-20 GB of free hard disk space (Windows preferred, for C++ compilation).

IS THIS A LIVE TRAINING OR AN ON-DEMAND COURSE?

It's a live 4-day training delivered either in person or virtually through Zoom.

IS THERE A RECORDING? HOW LONG DO I HAVE ACCESS TO THE CONTENT?

In the case of a virtual event (through Zoom), you will have access to the recordings for one year after the training.

DO I GET A CERTIFICATE OF COMPLETION AFTER THE TRAINING?

Yes, you will.

©2024 MalTrak Limited - All Rights Reserved.

Inniscarra, Main Street, Rathcoole, Dublin, D24 EO29