Adversary Tactics: Red Team Operations

Forge Institute and Specter Ops have joined forces to deliver a concise yet comprehensive "Adversary Tactics: Red Team Operations" training program. This partnership aims to equip teams with the ability to execute advanced Red Team engagements, reflecting the sophisticated tactics of real-world attackers. Participants will engage in hands-on exercises within a simulated enterprise environment, learning to breach networks, gather intelligence, and evade live incident response teams.

The curriculum covers deploying attack infrastructures, leveraging advanced Active Directory attacks, conducting in-depth post-exploitation, and mastering lateral movement techniques. This course is designed to enhance offensive skills and promote a proactive defense mindset among network defenders, preparing organizations to effectively counter modern cyber threats. Ideal for those looking to refine their Red Team capabilities or understand defensive strategies against advanced adversaries, this training represents a critical step towards achieving cybersecurity excellence.


KEY DETAILS

  • What: Adversary Tactics: Red Team Operations

  • When: August 13 - 16

  • Where: Location TBD

  • Tuition: $6,000* per Trainee

  • Payment Terms:

    • Tuition reimbursement grant available for eligible AR employers*

    • Balance due 14 days before the course start date

  • Prerequisites: Some experience with an adversary attack cycle, red team, penetration testing, incident response, or SOC operations preferred. Personal Laptop Required.

  • Continuing Education Units: Qualifies for 3.2

  • *Up to 75% reimbursement from Office of Skills Development

COURSE SUMMARY 

Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach students how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary.

Students will use the skillsets taught in Adversary Tactics: Red Team Ops to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Students will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.

Topics covered include:

• Design and deploy sophisticated, resilient covert attack infrastructure

• Gain an initial access foothold on systems using client-side attacks in real-world scenarios

• Utilize advanced Active Directory attack techniques to execute domain enumeration, escalation, and persistence

• Perform sophisticated post-exploitation actions, including sophisticated data mining, going beyond just achieving “Domain Admin”

• Use cutting-edge lateral movement methods to move through the enterprise

• Practice “offense-in-depth” by utilizing a variety of tools and techniques in response to defender actions and technical defenses

• Effectively train network defenders to better protect themselves against advanced, persistent adversaries

As organizations scramble for a way to keep from becoming the next breach headline, they’ve begun looking for ways to simulate the sophisticated attackers they now face. Organizations that have started to adopt an “assume breach” mentality understand that it’s not a matter of if they’re compromised by these advanced adversaries, but when. The best way to test modern environments against these more advanced threats is with a Red Team that leverages the same tactics, techniques and procedures (TTPs) as the adversaries themselves.

If you want to learn how to perform Red Team operations, sharpen your technical skillset, or understand how to defend against modern adversary tradecraft, Adversary Tactics: Red Team Ops is the course for you.

This intense course immerses students in a simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to Red Team activities.

We will cover all phases of a Red Team engagement in depth: advanced attack infrastructure setup and maintenance, user profiling and phishing, host enumeration and “safety checks”, advanced lateral movement, sophisticated Active Directory domain enumeration and escalation, persistence (userland, elevated, and domain flavors), advanced Kerberos attacks, data mining, and exfiltration.

A focus will be on “offense-in-depth”, i.e. the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques. To drive this concept home, students will go up against live incident responders that will actively hunt for and block malicious activity in the environment.

The responders will provide real-time feedback to students to demonstrate what artifacts attackers can leave behind, and how students can adapt their tradecraft to minimize their footprint.

Come learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of PowerView, PowerShell Empire, PowerSploit, PowerUp, and BloodHound.


Day One

  • Red Team fundamentals and management

  • Covert infrastructure setup and upkeep

  • Initial reconnaissance and OSINT

  • Advanced offensive strategies

  • Evading detections and incident response


Day Two

  • Gaining initial access

  • Host assessment and safety checks

  • Bypassing host-based defenses

  • Foothold maintenance strategies

  • Privilege escalation via misconfiguration exploitation


Day Three

  • Resource and credential mining

  • Active Directory tactics: intelligence, escalation, and persistence

  • In-depth Kerberos attacks

  • Network pivoting


Day Four

  • Providing value to client

  • Blue team training objectives

  • Data movement and external exfiltration

  • Complete lab debrief


