Adversary Emulation and Threat Hunting

Learn how to emulate attacks like Red Teams Professionals and how to Defend like Blue Teams.

Training Overview

Attackers and defenders each need to learn the skills of their adversary. Blue Teams can implement strong defensive measures, but to test and verify them they need to put themselves in the attacker's shoes, so adversary emulation that mimics an actual attacker is a must. Likewise, attackers need to learn how defenders catch intrusions, so that they can make their attacks more sophisticated and stealthy.

This training covers both the offensive and defensive sides of security, with topics including:

- Building your Attack Defense Lab (Attack Automation and Log Monitoring)
- Perimeter and Attack Surface Discovery
- Initial Access and Internal Reconnaissance
- Detecting External and Internal Attacks
- Lateral Movement, Data Exfiltration and Detection
- Defense Measures and Enhanced Security for Active Directory

Lab Environment Setup

Course Details

16 hours (2 days) if delivered in hands-on style.

8 hours (1 day) if delivered in instructor-led (lecture) style.

Day 1

- Overview
    - Introduction to the Training Lab
    - Attack/Defense Methodology
    - Red/Blue Team Operations
    - MITRE ATT&CK matrix
    - Testing Security Controls

- Building your Attack Defense Lab
    - Setting up Log Monitoring Environment
    - Log Shipping Agents
    - Capturing Organization Data using OSINT
    - Logging system events, PowerShell logs, access logs, etc.
    - Monitoring and Alerting Setup
    - Setting up Attack Machines
    - Automated Adversary Emulation Tools

- Perimeter and Attack Surface Discovery
    - Enumeration / Initial Recon
    - Analyzing Captured Public Data (OSINT)
    - Active Reconnaissance
    - Detecting Active Reconnaissance

- Initial Access
    - Initial Access Scenarios
    - Attacking Perimeter Security
    - Detecting Large Scale Attacks on Perimeter Security (Demo)
    - Phishing
    - Detecting Drive-By Downloads

Day 2

- Attack Automation
    - Overview
    - Atomic Red Team, CALDERA, Metta, etc.
    - Detecting Attacks within the Environment

- Internal Access - Attack Execution
    - Internal Reconnaissance
    - Users/Domain Enumeration
    - Remote Process Execution (PsExec, WinRM, etc.)
    - Detecting Remote Process Execution

- Privilege Escalation / Credential Access
    - Privilege Escalation Techniques
    - Stealth Offline Password Extraction from Memory Dump
    - Detecting Password Dumps

- Exfiltration
    - Data Exfiltration Techniques (DNS, ICMP, etc.)
    - Attack: Trusted Binary Making a Network Connection
    - Detecting Network Calls from Trusted Binaries

- Persistence
    - Persistence Techniques (Golden/Silver Ticket, Skeleton Keys, etc.)
    - Maintaining Connection and Access
    - Detecting Persistence

- Defenses
    - Techniques for Defense
    - Automated Defense Approaches
    - Enhanced Security Administrative Environment (ESAE)
    - Demo: Blocking Large Scale Attacks on Perimeter and Internal Security
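As an added illustration of the "Data Exfiltration Techniques (DNS, ICMP, etc.)" and detection items in the Exfiltration block above, the following is example code written for this page, not material from the RedHunt Labs course. It applies a common DNS-tunnelling heuristic to a constructed query log (the timestamps, client IPs, domains and hex payloads are all invented): for each client and registered domain, count how many queries there are and whether their subdomain portions are almost all unique, long and high-entropy, which is how encoded data chunks look when smuggled out in query names. The four-column log format, the two-label approximation of the registered domain and the alert thresholds are assumptions of this example, not a standard.

```python
"""Flag DNS-tunnelling style exfiltration in a DNS query log (added example)."""
import math
from collections import Counter, defaultdict

# Constructed sample log, not real traffic. Columns: timestamp client qtype qname
# 10.0.0.5 browses normally (few, short, repeated names); 10.0.0.7 sends
# hex-encoded chunks as unique TXT queries under exfil.example.net.
SAMPLE_DNS_LOG = """\
2023-01-10T09:00:01 10.0.0.5 A www.example.com
2023-01-10T09:00:02 10.0.0.5 A mail.example.com
2023-01-10T09:00:03 10.0.0.5 A cdn.example.com
2023-01-10T09:00:04 10.0.0.5 A www.example.com
2023-01-10T09:00:05 10.0.0.5 A www.example.com
2023-01-10T09:00:06 10.0.0.5 A mail.example.com
2023-01-10T09:00:07 10.0.0.7 TXT 4a7f2c9e1b3d5f6a8c0e2b4d6f8a0c2e.exfil.example.net
2023-01-10T09:00:08 10.0.0.7 TXT 9d1c3e5f7a9b1d3f5a7c9e1b3d5f7a9c.exfil.example.net
2023-01-10T09:00:09 10.0.0.7 TXT 2b4d6f8a0c2e4a6c8e0b2d4f6a8c0e2b.exfil.example.net
2023-01-10T09:00:10 10.0.0.7 TXT 7c9e1b3d5f7a9c1e3b5d7f9a1c3e5b7d.exfil.example.net
2023-01-10T09:00:11 10.0.0.7 TXT 0e2b4d6f8a0c2e4b6d8f0a2c4e6b8d0f.exfil.example.net
2023-01-10T09:00:12 10.0.0.9 A www.example.com
"""


def split_qname(qname):
    """Return (registered_domain, subdomain) for a query name.

    Assumption of this example: the registered domain is the last two
    labels. Real deployments should consult the Public Suffix List so
    that names like host.example.co.uk are split correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def shannon_entropy(s):
    """Bits per character: ~4 for random hex, ~2-3 for ordinary hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_dns_log(text):
    """Parse the assumed four-column log format, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        domain, subdomain = split_qname(qname)
        records.append({"ts": ts, "client": client, "qtype": qtype,
                        "domain": domain, "subdomain": subdomain})
    return records


def detect_dns_exfil(records, min_queries=5, min_unique_ratio=0.8,
                     min_avg_entropy=3.0, min_avg_length=20):
    """Return one alert per (client, registered domain) that looks like tunnelling.

    A group is flagged only when it has enough queries AND nearly every
    subdomain is distinct AND subdomains are long and high-entropy, so a
    busy but repetitive client (CDN lookups) does not trip the detector.
    Thresholds are illustrative and should be tuned per environment.
    """
    groups = defaultdict(list)
    for r in records:
        groups[(r["client"], r["domain"])].append(r)

    alerts = []
    for (client, domain), recs in sorted(groups.items()):
        n = len(recs)
        if n < min_queries:
            continue
        subs = [r["subdomain"] for r in recs]
        unique_ratio = len(set(subs)) / n
        avg_entropy = sum(shannon_entropy(s) for s in subs) / n
        avg_length = sum(len(s) for s in subs) / n
        if (unique_ratio >= min_unique_ratio
                and avg_entropy >= min_avg_entropy
                and avg_length >= min_avg_length):
            alerts.append({"client": client, "domain": domain, "queries": n,
                           "unique_ratio": round(unique_ratio, 2),
                           "avg_entropy": round(avg_entropy, 2),
                           "avg_length": round(avg_length, 1),
                           "qtypes": sorted({r["qtype"] for r in recs})})
    return alerts


if __name__ == "__main__":
    for alert in detect_dns_exfil(parse_dns_log(SAMPLE_DNS_LOG)):
        print(alert)
```

Run against the sample log, only 10.0.0.7 talking to example.net is flagged: six repeated lookups from 10.0.0.5 fail the uniqueness and length tests, and the single query from 10.0.0.9 never reaches the volume threshold. The same grouping works on real resolver or Sysmon Event ID 22 (DNS query) data once the parser is adapted to that format.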

This course is ideally suited for:
- Red Teams / Attackers
- Blue Teams / Defenders
- Security Engineers
- DevOps Engineers
- Network Administrators
- CISOs / Information Security Team Leads

Send an Inquiry for this Training


RedHunt Labs Limited
Heydon Lodge Flint Cross, Newmarket Road, Heydon, Royston, United Kingdom,
Company Number: 11954083 


Email: [email protected]
Twitter: @redhuntlabs
Facebook: /redhunt.labs
Phone: +91-9971658929