Modern day attackers are relentlessly developing new tradecraft and methodologies that allow them to successfully compromise hardened targets for a variety of motivations. While it may look easy from the outside, there are many latent steps that attackers take to ensure their success. Our job as red teamers is emulate this attack life cycle in an effort to identify and remedy these vulnerabilities.

Attackers bring unique perspectives, tools, and resources to the table in their efforts to accomplish their goals, requiring organizations to do the same by consistently applying new defensive technologies and procedures to prevent their environment from being breached. When conducting a red team assessment against organizations with mature security programs, you need to ensure you are using the latest tradecraft and techniques to help avoid detection. That’s where we come in!

Step by step, we will take you through the attacker lifecycle and capture best practices that you can follow to protect your access. You will start with no information, build a profile on your target, persist within their environment, bypass modern defenses, and achieve the goals of your test. We will immerse students in a new environment and require the application of techniques taught throughout the class. You’re going to learn methods to capture information about your target before even gaining access, writing custom malware to evade detection, use the latest application whitelisting bypasses to survive and compromise protected systems, develop strategies for persisting within the target environment, and accomplishing the goals of your assessment.

We are pulling back the curtain! The methods we teach are based upon past-experience in real world scenarios that FortyNorth Security has used to compromise and maintain access while avoiding detection by the target’s blue team. Upon completion of the class, you will have an arsenal of new techniques that can be utilized to yield highly successful assessments. If attending while in a blue team capacity, you will have the ability to see what tools and techniques modern attackers are using to compromise hardened environments and develop techniques to help protect your organization. All students will have the ability to join the Veil Framework Beta team, if requested, to have access to the latest techniques and code prior to becoming public.

Who Should Take This Course

This course is designed for attendees who have experience performing red team assessments and want to take their skillset to the next level. You will learn cutting-edge techniques modern attackers are using today and test yourself in an environment that is based off real-world networks and defenses.

Student Requirements

Students should be comfortable with general penetration testing and red teaming concepts, operating in a Windows domain environment, and have the ability to gain a general understanding of how a tool works when reviewing the source code.

What Students Should Bring

Students will need a bring a laptop with virtualization technology installed (preferably VMWare). The laptop should have at least 8 gigs of RAM, a wireless network adapter, and wired network adapter.

What Students Will Be Provided With

Students will be provided with class materials and a virtual machine that will be used for the course. Additionally, all students will be included (if they would like) within the Veil Framework’s Beta team. This will give students access to the latest private code which will contain new code and techniques, which will help students generate malware that isn’t detected, that can be used immediately on their assessments. Finally, students are given access to a private repository which contains custom developed code that we use on our red team assessments that help prevent us from getting caught and allow us to successfully break into our customer’s environment.

Trainers

Christopher Truncer (@ChrisTruncer) is a co-founder and Offensive Security Lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well.