Skip to main Content

Masterclass: Red Team - Blue Team Operations

  • Course Code RBO
  • Duration 5 days

Course Delivery

Additional Payment Options

  • GTC 55 inc. VAT

    GTC, Global Knowledge Training Credit, please contact Global Knowledge for more details

Public Classroom Price

£3,735.00

excl. VAT

Request Group Training Add to Cart

Jump to:

Course Delivery

This course is available in the following formats:

  • Company Event

    Event at company

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual

Request this course in a different delivery format.

Download Course Details

Course Overview

Top
This is a deep dive course on Red Team – Blue Team Operations: The cyber kill chain

Security is a business enabler, and it is only when it is viewed from a business perspective that we can truly make the right decisions.  Identifying, protecting and restricting data that can be monetized by adversaries is essential and should be reviewed and defined on a regular basis as only then can you identify potential gaps in your security posture. 

Every organisation should expect to be hacked at some point so it is vital that all members of your blue and red teams are up to speed on the latest hacking techniques.

The term Cyber Kill Chain defines the steps used by cyber attackers in today’s cyber based attacks and this course reviews all of those steps from both a red and blue team perspective. 

Reconnaissance is the first phase, during which the attacker gathers information on the target before the actual attack starts. The data gathering is essential skill of every red teamer. From blue teamer perspective, it is crucial to understand what kind of information is publicly available and to learn how to protect that information.

Without remote code execution vulnerability even the most sophisticated payload needs to be delivered to the victim. There are plenty of ways to achieve that so blue team needs to ensure that payloads are detected and blocked at early stage.

After successful delivery, malicious code exploits a vulnerability to execute code on victim’s system. There are many mechanisms that, if properly configured, significantly reduce attack scope.

The successful exploitation attack often results in code execution with limited privileges. Both, red teamers and blue teamers should be familiar with common techniques and misconfigurations allowing for privilege escalation.

The next after gaining admin privileges on single host is lateral movement that gives access to additional resources within the company. Before red teamer can reach Domain Controller or other critical servers, blue team can implement numerous protections against that threat.Even after an attack is stopped and contained, the attacker will want to ensure persistency and possibility of returning to a compromised host.

Course Schedule

Top

Contact us for dates

Request Group Training Dates in Other Countries

Target Audience

Top
Red team and blue team members, enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
Show me more

Course Objectives

Top
After completing this course you should be able to:
  • Analyze emerging trends in attacks
  • Identify areas of vulnerability within your organization
  • Prepare a risk assessment for your organization
  • Report and recommend countermeasures
  • Develop a threat management plan for your organization
  • Organize Red Team – Blue Team exercises
Show me more

Course Content

Top
Module 1: Identifying Areas of Vulnerability
  • Defining the assets which your company needs to protect
  • Defining the other sensitive information that needs to be protected

Module 2: Modern Attack Techniques

  • OS platform threats and attacks
  • Web based threats and attacks
  • E-mail threats and attacks
  • Physical access threats and attacks
  • Social threats and attacks
  • Wireless threats and attacks

Module 3: Reconnaissance

  • Open Source Intelligence (OSINT)
  • Google hacking
  • Social Media presence
  • DNS 5. Shodan
  • Physical reconnaissance
  • Port scanning
  • Service discovery
  • SIEM
  • Intrusion Prevention Systems 

Module 4: Weaponization

  •  Generating malicious payload
  • Hiding malicious content in Office Suite documents
  • Reverse shells
  • Metasploit
  • Empire
  • AV evasion techniques

Module 5: Delivery

  • Building phishing campaign
  • Planting malicious device
  • Attacks on 3rd parties
  • Enabling phishing protection
  • O365 / Safe links
  • Smart Screen
  • Secure proxy
  • Sinkholing
  • APT campaigns

Module 6: Exploitation and Installation

  • Types of vulnerabilities
  • Establishing foothold
  • Stage-less and staged payloads / C&C
  • Anti-Virus
  • Firewall
  • Application Whitelisting
  • WDAC
  • Living Off the Land Binaries
  • Exploit Guard
  • AMSI

Module 7: Privilege escalation

  • Privileged accounts
  • System services security
  • Common misconfigurations
  • Security tokens
  • Just Enough Administration
  • Patch maintenance

Module 8: Lateral movement

  • Credential harvesting
  • Mimikatz
  • Network reconnaissance
  • Building network map
  • Responder
  • Pass-the-hash
  • Pass-the-ticket
  • Credential Guard
  • LAPS
  • GPO policies
  • Windows ATA
  • Defender ATP

Module 9: Persistency

  • Sleeping agents
  • Piggybacking on network packets
  • Rootkits
  • Sysinternals
  • Searching for rogue servers
  • Looking for network anomalies
Show me more

Course Prerequisites

Top

Attendees should meet the following prerequisites:

  • Good hands-on experience in administering Windows infrastructure.
  • At least 8 years in the field is recommended.
Show me more

Test Certification

Top

Recommended preparation for exams:

  • There are no exams aligned to this course
Show me more

We Care About Your Privacy

We are using cookies to give you the best experience on our site. Cookies are files stored in your browser and are used by most websites to help personalise your web experience. By continuing to use our website without changing the settings, you are agreeing to our use of cookies.

About your Privacy

We process your data for purposes such as delivering content or advertisements and measuring the delivery of such content or advertisements to extract insights about our website. We may share this information with our partners. Cookies set by Global Knowledge are labelled “first party”; you may exercise your preferences in relation to first party cookies by toggling the switch for each first party cookie category below. The remaining cookies are third party cookies; you may exercise your preferences in relation to each purpose by toggling the relevant switch below or by vendor by clicking “List of IAB Vendors.” These choices will be signaled globally to other websites participating in the Transparency and Consent Framework.
Privacy Statement

Necessary Cookies

These are cookies that are required for the Global Knowledge website to function and cannot be switched off in our systems. They include, for example, cookies that enable you to use a shopping cart or log into the booking area of our website.

Analytics Cookies

Analytics cookies are an optional but important part of our website's functionality. They help us to understand how you interact with our site by collecting and reporting information anonymously. The data collected by analytics cookies is used to improve the website's performance and enhance the user experience. It is important to note that these cookies do not collect any personal information that can be used to identify you.

Preferences Cookies

These are optional and you can turn them off and on. Please only use 2 to 3 lines of text here and if needed link to a page with more cookie info in Intro.

Performance Cookies

These cookies allow us to recognise and count the number of visitors to our website, traffic sources and to see how website visitors move around the website when they are using it. This helps us to improve the way the website works and improve your website experience. All information these cookies collect is aggregated and therefore anonymous.

Cookie Control toggle icon