Decoding the Art of Red Teaming

beginner
hands-on

A look at how APT threat actors move across the attack surface shows that attackers nowadays use more sophisticated and complex techniques to accomplish their motives. Most organizations, however, are largely unaware of the techniques threat actors use, which leaves their defensive mechanisms in a very fragile position. That fragility makes it easier for threat actors to break or bypass the organization's security perimeter, which leads to harsh consequences. To avoid these consequences, organizations emulate the threat actors' tradecraft on the attack surface to find security loopholes before an attacker exploits them, and this exercise is Red Teaming.

This workshop will focus strictly on modern techniques, tactics and procedures for bypassing the strict security controls on an organization's infrastructure. All these attacks will be simulated and demonstrated on a lab architecture built to depict real-world infrastructure for the purpose of demonstration. As most Fortune companies use Active Directory to manage the organization's entities, Active Directory is deployed in the lab architecture. To make this workshop truly hands-on, all attendees will be provided with a dedicated VPN to access the pre-configured lab, where they will perform all the attacks the way a threat actor would. The goal of the workshop is not merely to attack but to attack stealthily, so that the simulated attack can bypass the deployed security controls. Defensive tactics will be discussed for every security loophole exploited during the demonstration.

TARGET AUDIENCE

  • Red, Blue, & Purple Team Members.
  • Penetration Tester.
  • Cyber Security Enthusiast.
  • Anyone who wants to upscale their Red Teaming Skills.
  • Administrators

DELIVERABLES

  • Two-day full lab access to perform the hands-on attacks.
  • All slides in PDF format.
  • A solution manual of the lab will be provided to the attendees.
  • An attacker VM with all the Red Team tools in it.
  • The workshop will provide attendees with knowledge of advanced attacks on AD environments.

REQUIREMENTS

  • Laptop with Administrative access & VMware workstation installed
  • Having wireless/wired internet connection capability
  • Total of 30 GB space & at least 4 GB of RAM

Prerequisites:

  • Basic Knowledge of PowerShell Scripting.
  • Basic Knowledge of Active Directory.
  • Open Mind.

Topics that will be covered

  • Introduction to the Workshop
  • Addressing the Agenda of the Workshop
  • Understanding the Red Teaming Methodology
  • Explanation of the Lab Architecture
  • Mapping the assets of the Organization
  • External Reconnaissance
  • Enumeration: Finding the Weakest Link.
  • Bypassing the Security Controls to Infiltrate
  • Lateral Movement in the Domain Environment
  • Privilege Escalation on the Attack Surface
  • Establishing a C2 channel that looks legitimate
  • Exploiting the trust between the two forests
  • LOLBAS to hide and persist in the forest
  • Hard-to-detect data exfiltration tunnel

What Shouldn’t be expected:

  • Spoon Feeding the basics of Active Directory Essentials.
  • PowerShell scripting in-depth.
  • Becoming a Red Team Ninja in a day.
  • In-Depth Mitigation Techniques.

About the Trainers:

Satyam Dubey is a security researcher deeply interested in building lab environments for simulation, performing covert operations on the attack surface, and evading defense mechanisms across all possible attack vectors. He is an active member of the OWASP Bhopal chapter and the Null security community, and blogs at hacknpentest.com. He previously delivered a workshop on the topic “Advance Red Team Attacks” at BSIDES Ahmedabad 2019.

Yash Bharadwaj is a security researcher and an enduring learner of technology. He is highly attentive to finding, learning and discovering new TTPs used during engagements. His areas of interest include (but are not limited to) evading antivirus, securing Active Directory infrastructure and advanced Windows-based attacks. He is an active member of the Null security community and the OWASP Bhopal chapter, and is an author at hacknpentest.com. He previously delivered a hands-on workshop at the BSIDES Ahmedabad security conference 2019.