Adversary Emulation 101: Mimicking a real-world cyber attack

What you'll learn

• How to plan and manage adversary emulation exercise
• Difference between red teaming and adversary emulation
• MITRE ATT&CK Framework
• Red team operations attack lifecycle
• How to conduct adversary emulation exercise on a live organization
• Open Source Intelligence (OSINT) techniques to gather information
• Weaponizing exploits to gain foothold into the network
• Password brute-forcing using custom generated lists
• Phishing an employee
• Escalating Privileges on Linux and Windows systems
• Active Directory enumeration using BloodHound
• Active Directory attacks
• Establishing persistence via PoshC2 (command and control center software)
• Creating an engagement report

Requirements

• Basic knowledge of Kali Linux
• Basic knowledge of PowerShell
• Basic understanding of penetration testing and red teaming
• Red Teamer mindset

Who this course is for

• Students curious about conducting a real-world security engagement
• Beginners in Red Teaming
• Students preparing for penetration testing certifications
• Cybersecurity Professionals

About this course

In this course, we look at an organization's security from a real-world adversary perspective. We are hired by a FinTech startup to conduct an adversary emulation exercise and steal their customer data (before an actual adversary). This exercise assumes zero knowledge about the target network.

During an adversary emulation exercise we mimic a real world cyber attack with a specific objective, such as stealing customer data, launching a ransomware attack etc. This course follows the Red Team Operations Attack Lifecycle to conduct this exercise. We go through each phase in a step-by-step manner and build our attack path as we move ahead. We employee a variety of techniques, such as

• Active and passive information gathering
• Gaining foothold into the network
• Host Discovery
• Brute-forcing
• Phishing
• Privilege Escalation (Linux and Windows)
• Automated Active Directory domain enumeration
• Persistence via command and control center
• Active Directory attacks

to achieve our objective. Upon completion of the exercise, we will prepare and submit a report to the organization's management.

This course also covers installation and usage of tools such as, PoshC2, Mentalist, BloodHound, Mimikatz, Metasploit, PowerUp, icacls, PowerShell etc.

This is a beginner friendly course. If you have just started your career in offensive cybersecurity or are preparing for penetration testing exams then this course is for you. If you are already a penetration tester or a red teamer, with a few years of experience under your belt, then you would already know most of the above mentioned techniques. However, if you are interested in witnessing a live adversary emulation exercise, please feel free to follow along.

Course image source: Freepik.com