Red Teaming training: offensive techniques for a resilient institution
Are you an operational security or networking professional concerned with securing your institution? And do you want to learn more about how cybercriminals attack organisations so that you can make your own organisation more cyber resilient? Then follow this three-day, intensive hands-on training course.
- SURF Utrecht
Threats and latest techniques used by attackers
The focus of this training course is on threats and environments most prevalent at educational institutions, based on the latest techniques used by attackers.
You will learn about the attack chain: from obtaining a foothold, developing malware, cloud exploitation and hitting an institution's crown jewels. The training is delivered by S-Unit, a party with years of experience in complex Red Teaming projects.
This training is completely hands-on; you will learn to make the most of a C2 framework (Cobalt Strike), build your own tools, bypass modern EDR solutions and learn how to stay 'stealthy' in complex hybrid environments. We conclude with the crucial step from attack to resilience, focusing on Purple Teaming to also learn more about the 'Blue' side of institutions' information security.
Programme
Day 1: Foundations, Infrastructure & Malware Development
- Module 1: Introduction & Red Team Fundamentals
An introduction to Red Teaming, operational security, frameworks, threat actors and setting up the training environment.
- Module 2: Infrastructure & Command and Control
Participants learn how modern Red Team infrastructures are set up for stealth and command and control.
- Module 3: Malware Development & Detection Evasion
Practical techniques for malware development and evasion of modern detection mechanisms.
Day 2: Initial Access, Active Directory & Lateral Movement
- Module 4: Reconnaissance & Initial Access
Participants will learn how to investigate targets and gain initial access.
- Module 5: Active Directory Attacks
Practical attacks on Active Directory environments and authentication mechanisms.
- Module 6: Lateral Movement
Techniques for lateral movement within Windows and Active Directory environments.
Day 3: Privilege Escalation, Cloud & Endgame Operations
- Module 7: Privilege Escalation
Participants will learn to elevate privileges within Windows environments and bypass security controls.
- Module 8: Cloud, Azure & Entra ID
Attacks on hybrid cloud environments, Azure infrastructures and identity platforms.
- Module 9: Out Phase & Crown Jewels
Completing Red Team operations focusing on impact, clean-up and collaboration with defenders.
Prior knowledge
The training is intended for participants working at an educational or research institution with basic knowledge of hacking techniques and cybersecurity principles, for example experience from a defensive role, such as within SOC or Incident Response teams. In-depth offensive experience is not a requirement. This course is suitable for operational security professionals and network administrators in education and research dealing with the security side.
You will need your own laptop with a browser and an RDP and/or VNC client; running VMs locally is not necessary, and so there are no specific requirements for the operating system or for disabled security measures.