Advanced Windows Tradecraft
Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need advanced tradecraft. Such tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in the different languages supported on Windows, break out of restrictions, abuse legitimate functionality, and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level, then this is the course for you.
This training takes you through tradecraft for Red Teaming a Windows environment with nothing but trusted OS resources and languages. We will cover multiple phases of a Red Team operation, such as initial foothold, enumeration, privilege escalation, persistence, lateral movement and exfiltration, in a fully updated and patched lab with countermeasures enabled.
Some of the topics covered in the class:
• Offensive C#, PowerShell, JScript/VBScript
• Bypassing Application Whitelisting
• Bypassing host countermeasures
• Evading process-tree-based detection
• Evading advanced logging (command line, PowerShell v5, Sysmon etc.)
• In-memory assembly and shellcode execution
• Offensive WMI
• COM hijacking
• Advanced Client Side Attacks on restricted and secure environments
• Local and domain privilege escalation
Attendees will get free one month access to a lab configured like an enterprise environment during and after the training.
- Introduction to the methodology
- Windows as an attack platform
- Offensive PowerShell
- PowerShell without powershell.exe
- Offensive C#
- Offensive JScript/VBScript
- COM Hijacking
- Bypassing application whitelisting
- Bypassing host countermeasures
- Evading process-tree-based detection
- Evading advanced logging (command line, PowerShell v5, Sysmon etc.)
- Advanced Client Side Attacks in restricted environment (AWL and ASR enabled)
- Local and Domain privilege escalation
- Persistence (on host, domain and forest)
- Advanced Lateral Movement
- Defenses and Detection
Who should take this course?
Red teamers and penetration testers who want to take their Windows tradecraft to the next level will find this course very useful. Blue teamers and security professionals who want to understand how sophisticated adversaries target their organization should also take this course.
• Prior experience with Red Teaming or penetration testing.
• Prior experience with using Windows as an attack platform will be helpful.
What students should bring
• A system with 4 GB RAM and the ability to install an OpenVPN client and RDP to Windows boxes, plus the privileges to disable or change any antivirus or firewall.
What students will be provided with
• Attendees will get free one month access to a lab configured like an Enterprise environment during and after the training.