Real World Red Team Attacks with Peter Kim

Trainor: Peter Kim

Peter Kim has been in the information security industry for the last 15 years and been a penetration tester/red teamer for the last 12 years. During this time he worked for multiple utility companies, Fortune 1000 entertainment companies, government agencies, and the Federal Reserve.  He gives back to the security community by teaching penetration testing courses at the community college and creating/maintaining one of the largest security communities in the Southern CA area (meetup.com/LETHAL).  He is the best-selling author of three offensive security books, The Hacker Playbook 1, 2& 3.  He has also spoken and trained at multiple security conferences including Toorcon, Derbycon, ISSA, OWASP AppSec, LETHAL, and Baythreat.

Email: [email protected]

Twitter: @hackerplaybook

Description:

The days of exploiting MS08-067, encoding with Shikata Ga Nai, and blindly scanning are gone. Both Blackhat hackers and pentesters alike have shifted to using more advanced techniques to bypass AV, implement a smaller footprint to evade SIEM detection, and continually stay persistent to devastate enterprise networks. If you are looking to take your craft to the next level, this is the primer course for you.

This training course was custom developed to put you right in the action and simulate real world red team attacks.  You’ll take the approach as a red teamer to social engineer your way into a company, gain information about the network, pivot to valuable resources, and gain access to all the company’s secrets.

This isn’t your average pentest course!  We built the labs around what we are seeing as red teamers.

Course Objectives:

  • Perform and understand both common and advanced red team attacks
  • Learn how to stay silent in the network and live off the land
  • Manually pivot through a network and evade detection
  • Understand the red team mindset and build valuable campaigns

Training Syllabus

  • Day 1
    • Red Team Mindset
    • Recon
    • Creating Malware For Your Campaigns
    • Setting Up C2 Servers
    • Social Engineering
    • Compromise Your Victims
    • Living Off The Land
    • Moving Laterally In Windows/Active Directory
  • Day 2
    • Pivoting/Lateral Movement in Linux
    • Compromising Common Applications for Post Exploitation
    • DNS C2 And Network Limitations
    • Local Linux Privilege Escalation
    • Creating Valuable Reports
    • CTF

Upon Completion of this training, attendees will know:

  • How to think like the bad guys do
  • How to evade AV and network detection tools
  • How to get around Windows protections
  • How to live off the land
  • How to write valuable reports to improve security
Course Prerequisites:
  • Familiarity with Metasploit and similar tools
  • Basic understanding of penetration testing methodology and tools
  • Basic GNU/Linux command line
  • Basic understanding of Active Directory

Attendees will be provided with (by trainer):

  • A signed copy of The Hacker Playbook 3!
  • Custom Virtual Machines
  • Lab Material PDF

Attendees should bring:

  • Laptop with administrator access
  • Laptop with network connectivity and dongles
  • Laptop capable of running two virtual machines simultaneously using either VMware Workstation or Player or Fusion (for OS X)
  • Laptop with 30GB of free disk spaces
  • You must have ability to disable the host firewall (Windows firewall or other third party firewall) and antivirus running on your desktop…
  • A passion to learn!