There was a great amount of detail centered around protecting the C2, including several methods to protect it from the redirectors themselves. The first exercise was identifying legitimate expired domains to use as our redirectors for both short- and long-term beacons back to our masked Cobalt Strike C2 server. We also reviewed some quick ways to initially triage hosts. The goal was to enable the red team to perfect their craft and go deeper without getting caught. Throughout the course there were several lectures on different primary topics as well as a defensive lecture on how a skilled blue team/defender may go “hunting” for this type of offense. We made use of several internal domains such as and to download appropriate materials and configure DNS. The first day was all about getting acquainted, setup, identifying and configuring covert infrastructure and some initial OSINT. The capstone of the entire lab only had 3 objectives, but took most teams the full 4 days to achieve in its entirety:

- Test the separation between two specific companies (parent and subsidiary).
- Gain commit-level access to a mock company subsidiary source code.
- Find and exfiltrate data from sensitive databases in a mock company subsidiary.

What I really liked about the lab was the fact we did an exercise in finding a legitimate domain to use as our redirectors to hide our real C2 server. There was even some bleed over to the internet for an exercise in OSINT as well as domain searching. Over a dozen live machines, several domains in different trust models, a few hundred joined workstations and accounts in various states all configured in Azure and connected to via OpenVPN. We all also received some sweet SpecterOps branded swag including a journal, pen, trendy thermos, t-shirt, USB drive, and a ton of stickers! Lab: Of course the lovely Kelly organized delicious breakfast and lunch each day and a fantastic happy hour at a nearby bar.
However, there were guest appearances by armitagehacker, jasonfrank, cptjesus, and mattifestation. The course was primarily taught by harmj0y, enigma0x3, _wald0, and brian_psu. They all contribute to either invaluable open-source projects (Empire, BloodHound, PowerSploit, Armitage, Cobalt Strike) or deliver groundbreaking research at tech conferences, so I knew this course was going to be an information watering hose! 4 days later and over 500 slides reviewed in a complex lab environment, I wasn’t wrong. SpecterOps has put together a really talented and experienced team with some of the best minds in infosec right now. I had the privilege of attending the first public offering of their 4-day Adversary Tactics: Red Team Operations course in McLean, VA in September 2017. Nearly two months ago I took a 4-day course with some of the sharpest minds in the infosec field and my mind is still blown. You’ll learn about tools like Cobalt Strike, Empire, BloodHound, PowerUpSQL, PowerView, PowerUp, PowerSploit as well as attack techniques such as Kerberoasting, Golden Tickets, Silver Tickets, Trustpocalypse, and other advanced red team tradecraft. Take this course for the love of Red! Beginner to advanced, you will pick up some skills with the huge amount of knowledge drop and battle stories from experienced Red Team’ers and experienced instructors from all backgrounds.