Red Team Operations
Faculty Profiles

Nikita Vdovushkin
Head of CyberAudit, BiZone

Igor Motroni
Senior Penetration Tester, BiZone
Overview
Red Team operations are a necessary part of modern security exercises. Such an exercise simulates a real APT attack on the company. BI.ZONE regularly takes part in investigations of real hacker attacks with different attacker motivations, from hacktivism to state actors. BI.ZONE specialists have also successfully completed many projects in this field, gaining experience that varies with the region, infrastructure design and maturity of the client company.
During this course, our specialists will explain the complex chain of Red Team operations and demonstrate the different approaches to every stage. For example, initial access can be performed by vishing, road apple, phishing, using a malware payload or a fake website, and second-factor bypass. BI.ZONE specialists have unique techniques and knowledge that will be revealed during this course.
Learning highlights
- The main course objective is to show and describe techniques that real-world adversaries can use to bypass modern defenses and successfully penetrate and persist in enterprise infrastructures.
Course outline
15 classes
Introduction
- Red Team vs Pentest vs Security Assessment vs Vulnerability Scanning
- Overview of modern APT attacks and BI.ZONE real-world cases
- Setting up, Legal basis in different countries
- Philosophy of Red Teaming
- Red team stages overview
- What are Red and Blue Team
Reconnaissance
- Defining information needed
- External Reconnaissance
- Real-world examples of reconnaissance into successful attack
- Recon in Red Team
- Practical work for specific company + homework for another one (Lab for OSINT)
Getting Access (1)
- Hiding behind proxies, cloud providers, VPNs, TOR, Bulletproof service providers
- Scanning methods in-depth
- Vulnerability exploitation: web apps, network exploitation (Lab for web application security)
Getting Access (2)
- Social Engineering
- Email phishing
- Voice phishing
- Going for interview
- Real-world cases of successful phishing (Lab for second factor leak)
Getting Access (3)
- Payload creating techniques
- In-memory loader
- Tools (Shellter, Veil)
- Packers/Encoders
- Macros, name juggling, links
- AV bypass testing (Test on getting access and Recon)
Attack development (1)
- Introduction to Cobalt Strike
- Tunneling techniques
- Initial persistence
- (Homework)
Attack development (2)
- Host post-exploitation: Keyloggers
- Screen grabbers, VNC
- Fake windows, password grabbers (Lab for post-exploitation techniques)
Attack development (3)
- Metasploit
- Meterpreter
- Mimikatz (Lab for (un)packing malware)
Internal activities (1)
- Typical enterprise structure
- Kerberos/NTLM/AD/GP
- Possible attack vectors and typical attack landscape
- Test (attack development)
Internal activities (2)
- NBTNS/LLMNR
- WPAD
- Responder
- NTLM/SMB relay
- Popular vulns
- Cool AD vectors (DnsAdmins etc.)
- Lab for AD attack
Internal activities (3)
- Network attacks
- CDP/DTP/STP
- DNS/DHCP
- Lab for traffic dumps
Internal activities (4)
- Privilege escalation
- TaskScheduler
- Unquoted path
- Known sploits
- SUID/SGID
Internal activities (5)
- Lateral movement
- Persistence
- Crackmapexec
- Bloodhound
- PSExec
- RDP hijacking
Conclusion
- Blue Team
- Reporting
- Incident Response (SOC)
- Short overall review
- Test (internal activities)
Final exam
- Final exam
Prerequisites
- Good knowledge of network protocols
- Basic programming skills
- Basic knowledge of enterprise IT architecture
- Linux and Windows operating system expertise
- Familiarity with Windows Active Directory concepts
Nikita Vdovushkin is an organizer of the OFFZONE cybersecurity conference and part of its CFP Committee. He is also a technical lead of the CTFZone competition. Nikita is Head of the Cyberaudit team at BIZone LLC. His areas of responsibility are penetration testing, social engineering and security-related research. In addition, he was a student supervisor at the cyber security faculty of the National Research Nuclear University «MEPhI». Nikita is also a member of the BalalaikaCr3w and united LC↯BC Capture the Flag teams. With these teams, he took part and won prizes in various recognized CTF competitions such as PHDays CTF, Facebook CTF, DEF CON and many others.
Red Team Operations
by Nikita Vdovushkin, Igor Motroni
Total hours
45 Hours
Dates
Jul 27 - Aug 14, 2020
Fee for single course
€1500
Fee for degree students
€750
How to secure your spot
Complete the form below to kickstart your application
Schedule your Harbour.Space interview
If successful, get ready to join us on campus
FAQ
Will I receive a certificate after completion?
Yes. Upon completion of the course, you will receive a certificate signed by the director of the program your course belonged to.
Do I need a visa?
This depends on your case. Please check with the Spanish or Thai consulate in your country of residence about visa requirements. We will do our part to provide you with the necessary documents, such as the Certificate of Enrollment.
Can I get a discount?
Yes. The easiest way to enroll in a course at a discounted price is to register for multiple courses. Registering for multiple courses will reduce the cost per individual course. Please ask the Admissions Office for more information about the other kinds of discounts we offer and what you can do to receive one.
