SANS SEC565 – Red Team Operations and Adversary Emulation



Develop and improve Red Team operations for security controls in SEC565 through adversary emulation, cyber threat intelligence, Red Team tradecraft, and engagement planning. Learn how to execute consistent and repeatable Red Team engagements that are focused on the effectiveness of the people, processes, and technology used to defend environments.

What You Will Learn
Penetration testing is effective at enumerating vulnerabilities, but less effective in addressing personnel and processes on the defense side. This can leave Blue Teams or defenders without sufficient knowledge of what offensive input to improve, in turn leaving organizations stuck in a cyclical process of just focusing on vulnerabilities in systems rather than on maturing defenders to effectively detect and respond to attacks.

In SEC565, students will learn how to plan and execute end-to-end Red Teaming engagements that leverage adversary emulation, including the skills to organize a Red Team, consume threat intelligence to map against adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of the Red Team engagement, and ultimately improve the overall security posture of the organization. As part of the course, students will perform an adversary emulation against a target organization modeled on an enterprise environment, including Active Directory, intelligence-rich emails, file servers, and endpoints running in Windows and Linux.

SEC565 features six intensive course sections. We will start by consuming cyber threat intelligence to identify and document an adversary that has the intent, opportunity, and capability to attack the target organization. Using this strong threat intelligence and proper planning, students will follow the Unified Kill Chain and multiple TTPs mapped to MITRE® ATT&CK™ (Adversarial Tactics, Techniques, and Common Knowledge) during execution. During three course sections, students will be immersed in deeply technical Red Team tradecraft ranging from establishing resilient and advanced attack infrastructure to abusing Active Directory. After gaining initial access, students will thoroughly analyze each system, pilfer technical data and target intelligence, and then move laterally, escalating privileges, laying down persistence, and collecting and exfiltrating critically impactful sensitive data. The course concludes with an exercise analyzing the Blue Team response, reporting, and remediation planning and retesting.

In SEC565, you will learn how to show the value that Red Teaming and adversary emulations bring to an organization. The main job of a Red Team is to make a Blue Team better. Offense informs defense and defense informs offense. SEC565 develops Red Team operators capable of planning and executing consistent and repeatable engagements that are focused on training and on measuring the effectiveness of the people, processes, and technology used to defend environments.

You Will Be Able To:

Consume threat intelligence and plan a Red Team engagement
Set up the required infrastructure to have a successful operation taking into account operational security
Create weaponization that will allow you to infiltrate an organization
Enumerate and extract valuable data required to achieve your objectives using automated tooling, but also manually, if required
Move laterally and persist in a corporate network
Elevate privileges using a variety of attack vectors and misconfigurations that you will now be able to identify
Report your findings in a meaningful way to bring maximum value to your client

You Will Learn How To:

Use threat intelligence to study adversaries for emulation
Build an adversary emulation plan
Map actions to MITRE® ATT&CK™ to aid in communicating with the Blue Team
Establish resilient, advanced C2 infrastructure
Maintain operational security throughout an engagement
Leverage initial access to elevate and propagate through a network
Enumerate and attack Active Directory
Collect and exfiltrate sensitive data in a safe manner
Close an engagement, deliver value, and plan for retesting

Syllabus (36 CPEs)

SEC565.1: Planning Adversary Emulation and Threat Intelligence

SEC565.2: Attack Infrastructure and Operational Security

SEC565.3: Getting In and Staying In

SEC565.4: Active Directory Attacks and Lateral Movement

SEC565.5: Obtaining the Objective and Reporting

SEC565.6: Immersive Red Team Capture-the-Flag

Prerequisites
The concepts and exercises in this course are built on the fundamentals of offensive security. An understanding of general penetration testing concepts and tools is encouraged, and a background in security fundamentals will provide a solid foundation upon which to build Red Team concepts.

Many of the Red Team concepts taught in this course are suitable for anyone in the security community. Both technical staff as well as management personnel will be able to gain a deeper understanding of Red Team exercises and adversary emulations.

Laptop Requirements
Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

It is critical that you back up your system before class. It is also strongly advised that you not bring a system storing any sensitive data.

CPU

64-bit Intel i5/i7 2.0+ GHz processor

CRITICAL NOTE: Apple systems using the M1 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.

Your system’s processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. To verify on Windows 10, press Windows key + I to open Settings, then click System, then About. Your processor information will be listed near the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click About this Mac.

BIOS

Enabled Intel-VT
Intel’s VT (VT-x) hardware virtualization technology must be enabled in your system’s BIOS or UEFI settings. You must be able to access your system’s BIOS to enable this setting in order to complete lab exercises. If your BIOS is password-protected, you must have the password. This is absolutely required.

RAM

16 GB RAM is highly recommended for the best experience. To verify on Windows 10, press Windows key + I to open Settings, then click System, then About. Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click About this Mac.

Hard Drive Free Space

100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.

Operating System

Your system must be running either the latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below.

Additional Software Requirements

VMware Player Install

VMware Workstation Player 16, VMware Fusion 12, or VMware Workstation 16
Install VMware Player 16, VMware Fusion 12, or VMware Workstation 16. Older versions will not work for this course. Choose the version compatible with your host OS. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website. VMware Workstation Player is a free download that does not need a commercial license but has fewer features than Workstation. THIS IS CRITICAL: Other virtualization products, such as Hyper-V and VirtualBox, are not supported and will not work with the course material.

If you have additional questions about the laptop specifications, please contact [email protected].

Author Statement
“With this course we provide students with a blueprint they can use to set up a realistic Red Team operation against a client environment. Students will be able to consume threat intelligence, formulate a plan of attack, execute it, and ultimately create a debrief package that will provide maximum value for their organization. This course truly brings together a wide variety of knowledge and aims to equip the students with state-of-the-art tradecraft, keeping up to date with the latest and greatest TTPs. No other course brings together such a wide variety of knowledge of all things Red Team.”

– Jean-François Maes

“Organizations are maturing their security testing programs to include Red Team engagements and adversary emulations. These engagements provide a holistic view of an organization’s security posture by emulating a realistic adversary to test security assumptions, measure the effectiveness of people, processes, and technology, and improve detection and prevention controls. This course will teach you how to plan Red Team engagements, leverage threat intelligence to map against adversary tactics, techniques, and procedures, build a Red Team program and plan, execute a Red Team engagement with a strong emphasis on operational security and tradecraft, and report and analyze the results. Direct application of the lessons in this course will give Red Team operators the skills necessary to improve the overall security posture of an organization.”

– Barrett Darnell
