itsMe Posted October 22, 2023

Course Description

This is an advanced course that focuses on setting up secure and resilient C2 infrastructure using Azure/AWS, creating custom Cobalt Strike profiles, and hunting for Active Directory Certificate Services misconfigurations in mature enterprise environments. Learn current post-exploitation techniques that White Knight Labs (WKL) has used during real-life engagements to dump credentials, move laterally, escalate to Domain Admin, and capture the client's crown jewels. We will cover EDR bypass briefly, but AV/EDR bypass will be assumed knowledge for this course.

Although this course is designed to be a deep dive into hunting for ADCS misconfigurations and setting up C2 infrastructure, an apex attacker must also know the indicators of compromise (IOCs) they're creating and the artifacts they're leaving behind. On the second day, students will be led through a real-life red team operation.

Key Takeaways

Students will learn how to configure resilient C2 infrastructure, abuse AD misconfigurations, and bypass AV/EDR. The majority of this course is focused on configuring and exploiting Active Directory misconfigurations using hyper-current techniques that WKL has seen in mature networks during red team engagements within the last year.

Who Should Attend?

We recommend this course if you've been working in offensive or defensive cyber operations for 1-2 years. Are you a penetration tester or red teamer who wants to hone their AD skills and have more options during engagements? This course is for you.

Prerequisite Knowledge

This is an advanced course. We recommend this course if you've already taken WKL's Offensive Development course and/or have an in-depth understanding of bypassing AV/EDR. Common Active Directory attacks like pass-the-hash, golden/silver ticket, etc., will be assumed knowledge.

Lab Environment

Students will be given a Terraform script to spin up their own lab environment in AWS that consists of the following:
- Windows Sophos Intercept X EDR VM
- Windows CrowdStrike EDR VM
- Ubuntu Cobalt Strike Team Server
- Windows 10 Development Machine
- Kali Linux
- Fully Patched Windows 10 Machine
- Windows Server 2022 (Domain Controller)
- Windows Server 2022 (PKI Server)

Hardware/Software Requirement
- Students must have an active AWS admin account with programmatic access.
- Students must have an active Azure admin account.

Syllabus

Day 1: Red Team Fundamentals
- Cobalt Strike/Guacamole walkthrough
- Terraform for infrastructure automation
- Redirectors and CDNs
- Custom malleable C2 profile
- Protecting your C2 server (mod rewrite and proxy pass)
- Touch and go AV/EDR bypasses

Day 2: Red Team Operation
- Attack paths
- Advanced payload creation
- Windows lateral movement
- SOCKS proxies
- Service controller
- WMI
- COM/DCOM
- Abusing AD misconfigurations via C2 channels (ADCS)
- Advanced credential dumping techniques
- SQL misconfigurations for lateral movement and code execution