CyberArk Red Team TTP

Summary

The CyberArk Red Team Tools Tactics and Procedures (TTP) training provides interactive hands-on training to introduce your Blue and Red-Team to common TTPs utilized by adversaries.

Description

The first part of the CyberArk Red Team Tools Tactics and Procedures (TTP) training focuses on TTP lectures, labs and demos, with an emphasis on real-life adversary simulation scenarios and experiences from the CyberArk Red Team. The second part of the TTP training is customized based on each customer’s security posture and environment. Using the customer’s network or a custom lab environment, the trainees will run red team activities with the goal of utilizing already deployed defensive products to identify and mitigate adversaries in real-life situations. This training emphasizes CyberArk’s investment in nurturing stronger and more confident blue teams and security programs.

Duration

3 Days

Objectives

Upon completion of this course the participant will be able to:

Understand different tactics, techniques and procedures utilized by attackers

Understand the operational considerations of targeted adversaries

Know how to test security products by executing custom attacks

Know how to better identify indicators of malicious activities

Audience

Individuals who will be responsible for SOC activities

Blue-Teamers / Threat hunters

Anyone who is interested in offensive security

Penetration tester / Red-Teamers

Outline

Code execution

Opsec / non opsec safe code execution

AV/EDR evasion

Application whitelisting bypass

Memory injection

Custom implants

Covert Channels

Staged vs stateless payloads

HTTP / HTTPS based C2 communication

SMB DNS Application layer

C2 Domain fronting

Persistence

Windows native persistence

On disk persistence

Fileless malware

DLL hijack

Privilege escalation

Understanding Windows privileges

Common privilege escalation

3rd party escalation

Fuzzing for Windows privesc vulnerabilities

Lateral movement

Situational awareness

Abusing credentials for lateral movement

Understanding protocols usage during lateral movement

Pivoting segmented networks
