Open-Sec Red Team Operator
Description
Red teaming is more than hype right now: regardless of the maturity level an organization has, this is a kind of test that must be done. There are many options for getting trained in pentesting and some for red teaming, so this is a good option for blue teamers and pentesters to learn and confirm their knowledge of the Tactics, Techniques and Procedures required in red team exercises. Going beyond learning through demos and lectures on the ATT&CK framework, during this workshop we are going to teach attendees how to start an effective phishing campaign to get the initial compromise and then move laterally in order to grab the crown jewels through an exfiltration channel controlled by a C2, with the extra value of learning how to bypass defenses like IPS, EDR, SIEM, etc.
Content
We are part of a team focused on security testing and have gained very good experience doing red teaming in several kinds of companies during the last 2 years, so we want to share this experience through a workshop. The outline is:
1. Intro
• What is Red Teaming
• Pentesting vs Red Teaming
• TTPs
• ATT&CK framework explained and why it is not for red teamers
2. Discovery (RECON)
• Searching for useful data (what, why, where, when)
• Using search engines through APIs
• Not so common search engines
• Lab 2.1: Make a profile for ACME Corp (fictional company) using Censys
3. Initial Compromise
• Phishing campaign
• Spraying like a boss
• PowerShell without PowerShell
• IPS Evasion
• EDR Evasion
• Lab 3.1: PowerShell without PowerShell for the win
4. Lateral Movement
• Credential harvesting
• Privilege Escalation
• Droppers and Implants
• SIEM Evasion
• Lab 4.1: Getting credentials without locking accounts
5. Establishing a C2
• Lateral Movement with or without a C2
• C2 Components
• C2 frameworks
• Deploying a C2
• Bypassing the blue teamers' actions (persistence)
• Lab 5.1: Deploying a C2 in a persistent way
6. Searching for the crown jewels
• Identifying the right targets
• Searching in shared folders
• Getting a jewel from internal web applications
• Passive data gathering
• Lab 6.1: Searching data on user machines
7. Exfiltration
• Data preparation
• Covert channels
• Covert repositories
• Lab 7.1: Exfiltration made by hand
8. Extras but Required
• Physical Intrusion
• Report model
• How to help blue teams, or going Purple
Students will need to bring just a laptop with MS Windows 7 or later and the latest Kali Linux version. Virtual machines will be fine.
Trainers
Walter Cuestas
Walter is the OffSec Research Leader (OSCP, WhiteHat Security Certified Secure Developer). He has also been leading the Open-Sec pentesters/red teamers since 2006.
Hernán Parodi
Hernán is our CEO and Senior Pentester (eWPT) / Red Teamer. He is an expert in infrastructure and application security. He has been part of the Open-Sec team since 2010.