Intrusion Operations is our advanced Red Team training course. Modern-day attackers are relentlessly developing new tradecraft and methodologies that allow them to successfully compromise hardened targets for a variety of motivations. While it may look easy from the outside, there are many latent steps that attackers take to ensure their success. Our job as red teamers is to emulate this attack life cycle in an effort to identify and remedy these vulnerabilities.
Attackers bring unique perspectives, tools, and resources to the table in their efforts to accomplish their goals, requiring organizations to do the same by consistently applying new defensive technologies and procedures to prevent their environment from being breached. When conducting a red team assessment against organizations with mature security programs, you need to ensure you are using the latest tradecraft and techniques to help avoid detection. That’s where we come in!
Step by step, we will take you through the attacker lifecycle and capture best practices that you can follow to protect your access. You will start with no information, build a profile on your target, persist within their environment, bypass modern defenses, and achieve the goals of your test. We will immerse students in a new environment and require the application of techniques taught throughout the class. You’re going to learn methods to capture information about your target before even gaining access, write custom malware to evade detection, use the latest application whitelisting bypasses to survive and compromise protected systems, develop strategies for persisting within the target environment, and accomplish the goals of your assessment.
We are pulling back the curtain! The methods we teach are based upon past experience in real-world scenarios that FortyNorth Security has used to compromise and maintain access while avoiding detection by the target’s blue team. Upon completion of the class, you will have an arsenal of new techniques that can be utilized to yield highly successful assessments. If attending in a blue team capacity, you will be able to see what tools and techniques modern attackers are using to compromise hardened environments and develop techniques to help protect your organization. All students will have the ability to join the Veil Framework Beta team, if requested, to have access to the latest techniques and code before they become public.
One of the most critical aspects of any red team assessment is obtaining initial access into your target’s environment. The ability to capture valid credentials or execute code within your target’s environment is the first step toward accomplishing the rest of your assessment goals.
In this course, students will learn a variety of techniques used by attackers to phish companies and then write their own malware in a hands-on environment.
This class will cover a wide range of topics over a two-day period:
At the conclusion of the class, students will have a strong understanding of different techniques used by modern attackers in phishing attacks. Additionally, all students will have learned various methods to extend basic phishing attacks to include process injection techniques that are used to avoid detection.
Note: While this is an introductory class, attendees should have an understanding of basic programming concepts to get the most out of this class. Experience with .NET would be extremely beneficial. This course is geared toward attacking Windows environments and all malware written during class will be for Windows targets.
Assume Breach Operations (“ABO”) bridges the gap between the external penetration testing skills detailed in courses such as the OSCP and the red team skills typically included in advanced intrusion operations courses. The ABO course focuses exclusively on conducting an assumed breach/internal penetration test, which does not require stealthy navigation (i.e. red team operations). Students will learn all of the fundamental techniques necessary to perform testing on an internal Windows enterprise network. Upon completion of the ABO course, students interested in becoming red team operators will have the foundational knowledge necessary to participate in advanced trainings, such as FortyNorth’s Intrusion Operations course.