CyberArk

Main navigation

CyberArk Red Team TTP

CyberArk Red Team TTP

Summary

The CyberArk Red Team Tools Tactics and Procedures (TTP) training provides interactive hands-on training to introduce your Blue and Red-Team to common TTPs utilized by adversaries.

Description

The CyberArk Red Team Tools Tactics and Procedures (TTP) training provides interactive hands-on training to introduce your Blue and Red-Team to common TTPs utilized by real adversaries. The training focuses on TTP lecture, labs and demos with an emphasis on real life adversary simulation scenarios and experiences from the CyberArk Red Team. Using the customer’s network or a custom lab environment the trainees will run red team activities with the goal of utilizing already deployed defensive products to identify and mitigate adversaries in real life situations. This training emphasize CyberArk’s investment in nurturing stronger and more confident blue teams and security programs.

Duration

5 Days

Objectives

Upon completion of this course the participant will be able to:

Understand different tactics, techniques and procedures utilized by attackers

Understand the operational consideration of targeted adversaries

Know how to test security products by executing custom attacks

Know how to better identify indicators of malicious activities

Audience

Individuals who will be responsible for SOC activities

Blue-Teamers / Threat hunters

Anyone who is interested in offensive security

Penetration testers / Red-Teamers

Prerequisites

Technical Prerequisites:

  • Computer with Internet connectivity
  • Web browser that supports HTML5

Course Prerequisites:

  • Basic Windows knowledge Basic
  • UNIX/Linux knowledge
  • Basic Scripting or Programing Experience (recommended)

Additional Notes

Students are responsible to bring their own laptop

Outline

Code execution

Opsec / non opsec safe code execution

AV/EDR evasion

Application whitelisting bypass

Memory injection

Custom implants

Covert Channels

Staged vs stateless payloads

Http / https based c2 communication

SMB DNS Application layer

C2 Domain fronting Persistence

Windows native persistence

On disk persistence

Fileless malware

Dll hijack Privilege escalation

Understanding Windows privileges

Common privilege escalation

3rd party escalation

Fuzzing for windows privesc vulnerabilities

Lateral movement

Situational awareness

Abusing credentials for lateral movement

Understanding protocols usage during lateral movement

Pivoting segmented networks

Upcoming Classes

No classes have been scheduled, but you can always Request a Quote.