
Adversary Tactics: Red Team Operations - October 2024 (In-person & Virtual; US Time)

The Inverness Denver (Hilton)
Englewood, United States
SpecterOps

Mon, Oct 7, 9am - Oct 10, 5pm CDT

Event description

This is a Hybrid training; participants can choose to join us in person in the Denver, Colorado area or virtually via Zoom.

Specter Bash is the in-person-only event that complements the trainings; see below for details! (For a short time: Save 25% off your ticket by attending in person)

Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Participants will use the skillsets taught in Adversary Tactics: Red Team Ops to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Participants will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.

Topics covered include:

  • Design and deploy sophisticated, resilient covert attack infrastructure
  • Utilize advanced Active Directory attack techniques to execute domain enumeration, escalation, and persistence
  • Perform sophisticated post-exploitation actions, including sophisticated data mining, going beyond just achieving “Domain Admin”
  • Use cutting-edge lateral movement methods to move through the enterprise
  • Practice “offense-in-depth” by utilizing a variety of tools and techniques in response to defender actions and technical defenses
  • Effectively train network defenders to better protect themselves against advanced, persistent adversaries


Course Summary

As organizations work to keep from becoming the next breach headline, they increasingly look to exercise their defenses through simulation of the sophisticated attackers they face. Organizations that have adopted an “assume breach” mentality understand it's a matter of when - not if - they will be compromised by these adversaries. The best way to test enterprise security operations against advanced threat actors is through application of the adversary mindset - commonly known as red teaming - through exercises that leverage the same tactics, techniques and procedures (TTPs) as real adversaries. If you’re looking to learn the tradecraft of adversary simulation operations in enterprise environments, sharpen your offensive technical skillset, and understand how to detect modern offensive tradecraft, this is the course for you.

This intense course immerses participants in a single simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to malicious activities. In keeping with the assumed breach mentality, the course provides detailed attacker tradecraft post initial access, which includes: performing host situational awareness and "safety checks", establishing resilient command and control (C2) infrastructure, escalating privileges locally, breaking out of the beachhead, performing advanced lateral movement, escalating in Active Directory, performing advanced Kerberos attacks, and achieving red team objectives via data mining and exfiltration.

The course focuses on “offense-in-depth”, the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques. To drive this concept home, participants will go up against live incident responders that actively hunt for and block malicious activity in the environment. The responders will provide real-time feedback and a daily summary to participants to demonstrate what artifacts attacks can leave behind, and how participants can adapt their tradecraft to minimize their footprint.

Learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of Mythic, PowerView, PowerShell Empire, Unmanaged Powershell, Covenant, Merlin, Rubeus, GhostPack, and BloodHound!


Course Syllabus

Day 1:

  • Introduction & Course Overview
  • Red Team Operations Overview
  • Attack Infrastructure
  • Lab Introduction
  • Host Situational Awareness
  • C#/PowerShell Weaponization
  • Local Privilege Escalation

Day 2:

  • Defensive Debrief of Day 1 Participant Tradecraft
  • An Introduction to Adversary Detection
  • Credential Abuse
  • Active Directory Situational Awareness
  • Payload Methodology
  • Lateral Movement
  • SQL Abuse

Day 3:

  • Defensive Debrief of Day 2 Participant Tradecraft
  • OPSEC Considerations
  • Active Directory Domain Trusts
  • Kerberos Overview
  • Kerberos Attacks (Gold and Silver tickets, and Forged Ticket Detection)

Day 4:

  • Defensive Debrief of Day 3 Participant Tradecraft
  • BloodHound - Visualizing Attack Paths
  • Data Protection API (DPAPI)
  • Advanced Kerberos Attacks
  • Complete Lab Debrief
  • Final Defensive Debrief and Evaluation of Participant Tradecraft


Participant Requirements

This is an advanced course that will include a large amount of time in a simulated complex enterprise with active defensive personnel. Participants should have previous penetration testing training and/or experience with penetration testing tools and techniques. Additionally, experience with at least one Command and Control (C2) framework is highly preferred (e.g., Apfell\Mythic, Covenant, Cobalt Strike, Metasploit, etc.). Lastly, the course covers various aspects of Windows, Active Directory, and C#\PowerShell, so some familiarity with these technologies will be beneficial.


Specter Bash


In-person Attendee Benefits

By attending in person you'll receive the following exclusive benefits to the training:

  • 30 days of course lab access
  • Food! (Breakfast & Lunch provided throughout the event; Dinner provided Monday - Wednesday)
  • Evening events to connect with industry peers
  • Exclusive event-themed swag
  • Week-long Halloween costume contest (see below)

Evening Events

Monday

Kick off the week with a Welcome Reception at the Breckenridge Brewery (attached to the training venue) to break the ice with drinks and food before a fun-filled week!

Tuesday

Spooky movies are as Halloween as Pumpkin Spice Lattes, so let’s chill our bones with a Scary Movie Night, hacking-themed Pumpkin Carving, and some good food. We will provide infosec-themed stencils and (foam) pumpkins for carving-- keep what you carve! The movie will be announced soon.

Wednesday

Gather ‘round the campfire to hear and share gripping tales of scary (in)security and spine-tingling hacks for a session of Hacking Horror Stories!
Food will be served so bring your appetite.
Anyone who attends is free to jump in and share their story but if you'd like to secure your spot to ensure you present, please email Jeff at jdimmock@specterops.io to sign up.

Week-long

We’re hosting a Halloween Costume Contest throughout the week for all in-person participants.
Anyone who wears a costume for at least one of the training days will get their choice of a free ticket to the SO-CON 2025 conference days OR 50% off a SO-CON 2025 training (which also includes a free ticket to conference days).


Let's Chat!

Join the conversation now in the BloodHound Slack in channel #specter-bash-2024. Sign up at https://ghst.ly/BHSlack


Venue

Specter Bash will take place at The Inverness in Denver, CO (200 Inverness Dr W, Englewood, CO 80112, USA)

Save money on your room with our Hotel Room Block!

Venue Amenities:

  • Located on an 18-hole golf course
  • Adjoining Breckenridge Brewery
  • Luxury spa on-site
  • 30 minutes from Denver International Airport

FAQs

How can I contact the organizer with any questions?

Please email training@specterops.io with any questions.  

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.

What are the hardware requirements for attending the course?

Courses are based in the SpecterOps training portal and accessible via an internet connection; no VMs are required for labs. The following are recommended hardware requirements:

  • Internet Connection
  • 8 GB of RAM
  • Modern Web Browser capable of rendering HTML5
