Creative Red Teaming

Overview

Overview

Duration 5 days
Course Time 9.00am - 3.30pm
Enquiry Click here to contact us
This course is delivered by Mandiant Academy.

Mandiant red teams have conducted hundreds of covert red team operations. This course draws on that knowledge to help learners improve their ability to prevent, detect, and respond to threats in an enterprise network.

Participants will better understand advanced threat actor behavior that Mandiant experts have observed through incident response investigations. Participants will also see how Mandiant red teams refine advanced attacker tools, tactics and procedures (TTPs) for use by red teams in their attempts to emulate advanced threat actors. Participants will develop the ability to think like an attacker and creatively use these TTPs to accomplish response goals while avoiding detection.

Mandiant red team leads conduct this fast-paced technical course with presentations and scenario-based labs based on frontline expertise and intelligence-based security research.

Participants will receive hands-on experience conducting covert cyber attack simulations that mimic real-world threat actors. They will learn how to bypass advanced network segmentation, multi-factor authentication and application whitelisting, abuse web applications, escalate privileges and steal data while circumventing detection methods.

Key Takeaways

Key Takeaways

At the end of this course, the participiants will be able to:

  • Identify the goals and challenges of managing a red team operation, including risk measurement and reporting
  • Deploy creative tactics—from older techniques to newer ones—to maintain access to any compromised machine
  • Understand the tools and methods attackers use to exploit the lowest-level user privileges to gain higher, administrative privileges and move laterally throughout a network while avoiding security alerts
  • Avoid and bypass various challenges such as application whitelisting, encryption, multi-factor authentication, sandboxes and more
  • Exfiltrate data from “secure” networks undetected, without triggering firewalls or generating alerts
  • Identify, fingerprint and compromise a target with custom crafted payloads while bypassing antivirus (AV) detection


Who Should Attend

Who Should Attend

This course is targeted at red team members, penetration testers, defenders wanting to understand offensive tactics techniques and procedures (TTPs) and information security professionals looking to expand their knowledge base.

Prerequisites
A background in conducting penetration tests, security assessments, IT administration, and/or incident response. Working knowledge of the Windows operating system, file systems, registry and use of the Windows command line.

Experience with, Active Directory, basic Windows security controls, common network protocols, Linux operating systems, Scripting languages (PowerShell, Python, Perl, etc.) and assessment of web applications using the OWASP top 10.



ICT and SS Competency Framework

ICT and SS Competency Framework

As part of the ICTCF, this course falls under the Cybersecurity functional cluster and tagged to the following competencies:
  • Cybersecurity: Adversary Simulation
  • Cybersecurity: Web Application Penetration Test

The course is mapped to the following job roles:
  • Red Team Engineers


Course Structure

Course Structure

This course is delivered via virtual instructor-led format and will cover the following topics:
  • What is Red Teaming?
  • Infrastructure and C2
  • Initial Reconnaissance
  • Initial Compromise
  • Establish Foothold
  • Escalate Privileges
  • Internal Reconnaissance
  • Lateral Movement
  • Persistence
  • Completing the Mission

NOTE
Students are required to bring their own laptop that meets the following specs:

  • USB port (for installing software provided on a USB stick)
  • Ethernet port or adapter
  • Local administrator rights to the host OS and VMs


Instructors

Instructors


Fees

Fees


Full Fee

Full course fee

S$7410

7% GST on nett course fee

S$518.70

Total nett course fee payable, including GST S$7928.70




How To Register

How To Register


Agency-sponsored

Step 1 Apply through your organisation's training request system.

Step 2 Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the course.

Your organisation will send registration information to the academy.

Organisation HR L&D or equivalent staff can click here for details of the registration submission process.


Step 3 The Digital Academy will inform you whether you have been successful in enrolment.