Time: 01:30 PM - 06:30 PM
Practical Red Teaming is a hands-on class designed to teach participants with various techniques and tools for performing red teaming attacks. The goal of the training is to give a red teamer’s perspective to participants who want to go beyond VAPT. This intense course immerses students in a simulated enterprise environment, with multiple domains, up-to-date and patched operating systems. We will cover several phases of a Red Team engagement in depth – Local Privilege escalation, Domain Enumeration, Admin Recon, Lateral movement, Domain Admin privileges etc.
If you want to learn how to perform Red Team operations, sharpen your red teaming skillset, or understand how to defend against modern attacks, Practical Red Teaming is the course for you.
• Red Team philosophy/overview
• Red Teaming vs Penetration Testing
• Active Directory Fundamentals – Forests, Domains, OU’s etc
• Assume Breach Methodology
• Insider Attack Simulation
• Introduction to PowerShell
• Initial access methods
• Privilege escalation methods through abuse of misconfigurations
• Domain Enumeration
• Lateral Movement and Pivoting
• Single sign-on in Active Directory
• Abusing built-in functionality for code execution
• Credential Replay
• Domain privileges abuse
• Dumping System and Domain Secrets
• Kerberos – Basics and its Fundamentals
• Kerberos Attack and Defense (Kerberoasting, Silver ticket, Golden ticket attack etc)
Attendees will be provided with:
• Training Materials and Slides
• Lab VM to practice and enhance your skills further
Pre-requisites for the attendees:
• Laptop with administrator privileges.
• 100 GB of free Hard Disk Space.
• Minimum 12 GB of RAM on host laptop. • Latest VMWare Workstation/Player installed
• Other virtualization software might work but we will not be able to provide support for that
What not to expect:
• Becoming Red Team Ninja in a day.
• Writing and scripting your own tool.
• Any exercise/demo on a live network/environment.
Ajay is an enthusiastic and passionate Information Security Professional with more than 4 years of professional experience across various flavoured information security domains. He holds Certified Red Teaming Expert, OSCP, CREST (CPSA, CRT), CEH as a knowledge credentials in his professional career. He also received acknowledgement from Google-Drive Add-on Editey, Microsoft & General Motors for finding some interesting security bugs in their website. He has earned CVE-2018-20341 for finding windows unquoted service privilege escalation flaw in proprietary software. He is an active blogger at koolacac.blogspot.in, where he writes about offensive research and his security findings experience.
Nitesh Malviya has 5+ years of experience in various Infosec domain. Officially he is into Penetration testing but has overall knowledge of other domains too. He has OSCP and CISEH certification in his badge and has provided training for various clients and colleges across pan India. Currently he spends his time researching and working on various Red teaming techniques for his clients. He maintains his own blog at https://resources.infosecinstitute.com/author/niteshmalviya/