Advanced Red Teaming: Weaponization & Adversary Simulation
March 17-19, 2023 (4 Days Live Training)
This is a live instructor-led training that focuses on developing cyber weapons that can evade AV detection, EDR logs and forensics traces like how advanced targeted attacks do, and provide you with insights on how to improve your organization's overall detections and security posture
HANDS-ON TRAINING
Advanced Red Teaming: Weaponization & Adversary Simulation is a hands-on offensive training that focuses on helping organizations battle against ever-growing targeted attacks and ransomware attacks by simulating their adversaries and put your defenses and your blue team at test to improve the organization security posture.
This training focuses on developing cyber weapons that can evade AV detection, EDR logs and forensics traces like how advanced targeted attacks do, and provide you with insights on how to improve your organization's overall detections and security posture
WHO IS THIS TRAINING FOR?
This training is for Security Professionals who want to expand their skills in red teaming, understand how real-world attacks look like and better protect their organizations against APT Attacks, Targeted Ransomware attacks and Fileless attacks
- Cyber Security Professionals
- Penetration Testers
- Purple Teamers
- Threat Hunters
- Incident Handlers
- SOC Analysts
Testimonials & Endorsements
"ONE OF THE BEST COURSES I EVER HAD"
"I have finished the Malware Analyst Mindset Program with full satisfaction. He did a fantastic job with more than 60 hours of hands-on and practice which makes it one of the rare courses out there. Let me say: One OF THE BEST Courses I EVER HAD"
- Yazeed Alabbad, Managed Cybersecurity Services ManagerE
"Clear example of operators that are experts in the field"
"We've worked with hundreds of security professionals and businesses over the years, and MalTrak are a clear example of operators that are experts in the field. With SUBSTANTIALLY deeper experience in malware/ransomware than just about any other organisation on the planet, they're who we go to for expert analysis and commentary on any new (or old) malware threats"
- Cameron Perry, COO of KBI.Media
"I CAN FINALLY ANALYZE, UNDERSTAND & CONTROL THE MALWARE"
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it"
- Fung Dao Ying, System Analyst in Bintulu
"ONE OF THE BEST COURSES I EVER HAD"
"I have finished the Malware Analyst Mindset Program with full satisfaction. He did a fantastic job with more than 60 hours of hands-on and practice which makes it one of the rare courses out there. Let me say: One OF THE BEST Courses I EVER HAD"
- Yazeed Alabbad, Managed Cybersecurity Services ManagerE
"Clear example of operators that are experts in the field"
"We've worked with hundreds of security professionals and businesses over the years, and MalTrak are a clear example of operators that are experts in the field. With SUBSTANTIALLY deeper experience in malware/ransomware than just about any other organisation on the planet, they're who we go to for expert analysis and commentary on any new (or old) malware threats"
- Cameron Perry, COO of KBI.Media
"I CAN FINALLY ANALYZE, UNDERSTAND & CONTROL THE MALWARE"
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it"
- Fung Dao Ying, System Analyst in Bintulu
The strategies, skills, and tools required to simulate real targeted attacks and harden your organization's defenses and security teams
WHAT'S IN THE TRAINING?
DAY 1
APT Attacks & Red Team Infrastructure on AWS
- What is an APT Attack?
- What are the Attack Stages? And what’s MITTRE ATTACK?
- APT attack lifecycle
- Examples of real-world APT attacks
- Deep dive into the attackers' tactics, techniques, and procedures (TTPs) Using Threat Intelligence
- Understand the attackers' malware arsenal
- Setting Up Your Infrastructure in the cloud
- Setting up your account in AWS & Terraform
- Build your network and Caldera VM in the cloud
- Create Redirectors to obfuscate your C&C IP
Phishing & Social Engineering Mastery
- Create a Phishing Platform using GoPhish
- Create Your Phishing Pages using EvilGinx 2
- Build Your Phishing plan using OSINT
- Build your phishing emails templates
- Bypass 2-Factor Authentication using EvilGinx 2
Initial Access: Get your foot into the organization network
- Spearphishing with malicious document (Hands-on)
- Bypassing Microsoft Disabled Macros (Hands-on)
- Spearphishing with link
- Spearphishing using social media
- Advanced Execution Techniques: LNK Files (Hands-on)
- Advanced Execution Techniques: COM Objects
- Bypassing Whitelisting: Abusing Microsoft Legitmate Applications
DAY 2
Write Your First HTTP Malware
- Build a Vulnerable organization in AWS
- Connect to Caldera C2 using HTTP
- Implement Base64 encoding in your malware
- Implement JSON parsing in your malware
- Send victim machine information to your C&C
- Receive and execute commands from Caldera
- Automate command execution across multiple victims
Malware Plugin Framework Implementation
- Add a framework for plugins with additional features
- Add a keylogger plugin to log keystrokes and steal credentials.
- Add commands for Caldera to download the keylogger logs
Maintaining Persistence In-Depth (Advanced Techniques)
- Maintain Persistence in the victim machine
- Advanced Persistence methods
- Disguise the malware inside a legitimate process (Malware as a DLL)
- Persistence through DLL Injection
Privilege Escalation Techniques
- UAC bypass techniques
- Advanced Persistence methods
- Disguise the malware inside a legitimate process (Malware as a DLL)
- Persistence through DLL Injection
DAY 3
Defense Evasion: Malware Obfuscation
- Malicious Documents: VBA Stomping
- Strings Encryption
- Dynamic API Loading
- Hidden In Plain Sight: Malware Steganography
Defense Evasion: Network Obfuscation
- Network Data Encryption
- Hidden In Plain Sight 01: HTML Smuggling.
- Hidden In Plain Sight 02: Steganography
- Using legitimate websites for communications
- DNS Flux and DNS over HTTPS
- Other Protocols & Channels (ICMP, DNS ... etc)
Defense Evasion: Bypass EDRs & Behavioral-Based Detection
- Process Injection & DLL Injection
- Sysmon & EDR Bypass Techniques
- Unhook EDR APIs
- Invisible Process Injection Without Alerting EDRs
- AppLocker And Application Whitelisting bypass Techniques
DAY 4
Impersonating Users: Credential Theft & Token Impersonalization
- Credential Theft using lsass memory dump
- Bypass lsass protection
- Token Impersonation & Logon Types Overview
- Token Impersonation implementation in your malware
- Steal Remote Desktop Sessions
- Lateral movement using caldera and your agent
Lateral Movements
- NTLM Attacks: Pass The Hash
- Kerberos Attacks: Pass The Ticket
- Kerberos Attacks: Overpass The Hash
- Silver & Golden Tickets
- Lateral movement using Scheduled tasks
- Lateral movement using Remote COM Objects
- Lateral movement using WMIC & Powershell Remoting
YOUR INSTRUCTOR
Amr Thabet
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience, he worked in some of the Fortune 500 companies including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals all around the world to build their expertise in malware analysis, threat hunting, red teaming. and most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
The strategies, skills, and tools required to simulate real targeted attacks and harden your organization's defenses and security teams
ALL OUR LIVE TRAINING SCHEDULE
LOOKING FOR GROUP TRAINING?
We offer group training discounts for both our live training and on-demand sessions organisations. To discuss your specific requirements, book a time to speak with one of our consultants to discuss your options.
NOT YET READY YET?
You can check out our resources that will show you exactly the quality and support you can expect from our Master's Program and our Training programs, and see why MalTrak students are in such high demand
Watch Our On-Demand Webinars
The Most Demanded Cybersecurity Skills in 2023
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
Enroll In Our Entry-Level Courses
Kickstart Your Cybersecurity Career
This training will give you the fundamental skills and the roadmap you need to build a successful career in cybersecurity.
Watch Our On-Demand Webinars
The Most Demanded Cybersecurity Skills in 2023
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
Enroll In Our Entry-Level Courses
Kickstart Your Cybersecurity Career
This training will give you the fundamental skills and the roadmap you need to build a successful career in cybersecurity.
STILL GOT QUESTIONS? WE GOT YOU!
Frequently Asked Questions
WHAT ARE THE TRAINING PREREQUISITES?
- Good IT Administration Background especially in Windows (Linux preferred)
- Good Cybersecurity & Network protocols background
- C++ Programming Background (Only in the Advanced Red Teaming Training)
WHAT HARDWARE/SOFTWARE IS REQUIRED?
- Laptop with minimum 8GB RAM and 60GB free hard disk space
- VMware Workstation or VMware Fusion (even trial versions can be used). You can use VirtualBox or other virtualization software. However, the training will be delivered based on VMware Workstation.
- Delegates have Microsoft Visual Studio or GNU C++ Compiler installed on their machine and their preferred Code Editor (Visual Studio or VS Code are preferred)