Let's be bad people!

Let's be bad people!

Duration: two days

  • Wed 14th / Thur 15th : $2000: 4 spaces [ Buy Ticket ]
  • Wed 14th / Thur 15th : Free: 8 spaces [ CLOSED ]

Abstract

This course is designed to up your quiet game. In the recent years, blue teams have grown complacent with new tools and telemetry. They don't actively hunt unless a tool tells them a box is interesting. In this course, you will learn how to tunnel your comms, stand up C2 infrastructure to be misleading, encrypt you traffic, create diversions, and other escape and evasion techniques to hide from the blue team.  This course focuses on hiding on the network as well as in the system.
We'll be targeting a windows environment hosted in the cloud.

Course Outline

DAY 1
- Getting details sorted
- Standing up infrastructure / machines / software
- Walking the perimeter
- Identifying what the blueteam can see
- Deciding what to hide, how and where to hide it
- Validating configurations, checking to make sure we're sneaky sneaky
DAY 2
- Adding layers of obfuscation
- Lateral movement
- Target identification and exfiltration
- Playtime


Prerequisites
This course is for senior pentest types and redteam types. Or anyone else that has the requisite knowledge.

  • You must be familiar with linux cmdline (kali or ubuntu is fine), you must have experience with msfvenom, metasploit and empire.
  • You must have basic knowledge of linux subsystems.
  • You must be able to quickly edit files (vi, nano etc), restart services in linux, and understand how to move files around.
  • Experience with letsencrypt is a plus
  • Experience with ec2/aws services and dns configurations is a plus