{"id":11739,"date":"2023-03-20T08:29:10","date_gmt":"2023-03-20T08:29:10","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/"},"modified":"2023-07-07T07:18:45","modified_gmt":"2023-07-07T07:18:45","slug":"practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/","title":{"rendered":"Practical Red Teaming: Weaponization &amp; Adversary Simulation"},"content":{"rendered":"<h4><strong><span style=\"color: #993300\">ATTEND IN-PERSON<\/span>: Onsite in Phuket<\/strong><\/h4>\n<h4><strong>DATE: 21-24 August 2023<\/strong><\/h4>\n<h4><strong>TIME: 09:00 to 17:00 ICT\/GMT+7<\/strong><\/h4>\n<table style=\"height: 146px\" width=\"599\">\n<tbody>\n<tr>\n<td><strong>Date<\/strong><\/td>\n<td><strong>Day<\/strong><\/td>\n<td style=\"text-align: left\"><strong>Time<\/strong><\/td>\n<td><strong>Duration<\/strong><\/td>\n<\/tr>\n<tr>\n<td>21 Aug<\/td>\n<td>Monday<\/td>\n<td>09:00-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>22 Aug<\/td>\n<td>Tuesday<\/td>\n<td>09:00-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>23 Aug<\/td>\n<td>Wednesday<\/td>\n<td>09:00-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>24 Aug<\/td>\n<td>Thursday<\/td>\n<td>09:00-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<h5>Advanced Red Teaming: Weaponization &amp; Adversary Simulation is a hands-on offensive training that focuses on helping organizations battle against ever-growing targeted attacks and ransomware attacks by simulating their adversaries and putting your defenses and your blue team to the test to improve the organization&#8217;s security posture<\/h5>\n<p>This training focuses on developing cyber weapons that can evade AV detection, EDR logs, and 
forensic traces the way advanced targeted attacks do, and provides you with insights on how to improve your organization&#8217;s overall detections and security posture.<\/p>\n<p><strong>The training provides practical guidance &amp; attendees should walk away with the following skills:<\/strong><\/p>\n<p>\u2022 How to simulate a real APT Attack given its TTPs.<br \/>\n\u2022 How to build your own malware to test your defenses (or your clients&#8217; defenses) against completely new malware.<br \/>\n\u2022 How to build your own Red Team infrastructure in AWS and secure it from being detected or blocked by the company&#8217;s security team.<br \/>\n\u2022 How to learn not just the techniques and how to use them, but how each technique works internally and how you can develop your own version of it.<\/p>\n<p>&nbsp;<\/p>\n<h5><strong>Agenda<\/strong><\/h5>\n<h5>DAY 1<\/h5>\n<p><strong>APT Attacks &amp; Red Team Infrastructure on AWS<\/strong><br \/>\n\u2022 What is an APT Attack?<br \/>\n\u2022 What are the Attack Stages? 
And what&#8217;s MITRE ATT&amp;CK?<br \/>\n\u2022 APT attack lifecycle<br \/>\n\u2022 Examples of real-world APT attacks<br \/>\n\u2022 Deep dive into the attackers&#8217; tactics, techniques, and procedures (TTPs) using Threat Intelligence<br \/>\n\u2022 Understand the attackers&#8217; malware arsenal<br \/>\n\u2022 Setting Up Your Infrastructure in the cloud<br \/>\n\u2022 Setting up your account in AWS &amp; Terraform<br \/>\n\u2022 Build your network and Caldera VM in the cloud<br \/>\n\u2022 Create Redirectors to obfuscate your C&amp;C IP<\/p>\n<p><strong>Phishing &amp; Social Engineering Mastery<\/strong><br \/>\n\u2022 Create a Phishing Platform using GoPhish &amp; EmailGun<br \/>\n\u2022 Create Your Phishing Pages using EvilGinx 2<br \/>\n\u2022 Build Your Phishing plan using OSINT<br \/>\n\u2022 Build your phishing email templates<br \/>\n\u2022 Bypass 2-Factor Authentication using EvilGinx 2<\/p>\n<p><strong>Initial Access: Get your foot into the organization&#8217;s network<\/strong><br \/>\n\u2022 Spearphishing with a malicious document<br \/>\n\u2022 Spearphishing with link<br \/>\n\u2022 Spearphishing using social media<br \/>\n\u2022 Advanced Execution Techniques: LNK Files<br \/>\n\u2022 Advanced Execution Techniques: COM Objects<br \/>\n\u2022 Write your first spear-phishing attack with a malicious document (Hands-on)<\/p>\n<p>&nbsp;<\/p>\n<h5>DAY 2:<\/h5>\n<p><strong>Write Your First HTTP Malware<\/strong><br \/>\n\u2022 Build a Vulnerable organization in AWS<br \/>\n\u2022 Connect to Caldera C2 using HTTP<br \/>\n\u2022 Implement Base64 encoding in your malware<br \/>\n\u2022 Implement JSON parsing in your malware<br \/>\n\u2022 Send victim machine information to your C&amp;C<br \/>\n\u2022 Receive and execute commands from Caldera<br \/>\n\u2022 Automate command execution across multiple victims<br \/>\n\u2022 Test your malware in your vulnerable AWS Lab<\/p>\n<p><strong>Malware Plugin Framework Implementation<\/strong><br \/>\n\u2022 Add a framework for 
plugins with additional features<br \/>\n\u2022 Add a keylogger plugin to log keystrokes and steal credentials.<br \/>\n\u2022 Add commands for Caldera to download the keylogger logs<\/p>\n<p><strong>Maintaining Persistence In-Depth (Advanced Techniques)<\/strong><br \/>\n\u2022 Maintain Persistence in the victim machine<br \/>\n\u2022 Advanced Persistence methods<br \/>\n\u2022 Disguise the malware inside a legitimate process (Malware-as-a-DLL)<br \/>\n\u2022 Persistence through DLL Injection<\/p>\n<p><strong>Privilege Escalation Techniques<\/strong><br \/>\n\u2022 UAC bypass techniques<br \/>\n\u2022 Advanced UAC bypass techniques: Abusing Application Shimming<br \/>\n\u2022 Abuse services for privilege escalation<br \/>\n\u2022 Escalate to SYSTEM account.<\/p>\n<p>&nbsp;<\/p>\n<h5>DAY 3:<\/h5>\n<p><strong>Malware Obfuscation: Bypass File Signature Scanning<\/strong><br \/>\n\u2022 Strings Encryption<br \/>\n\u2022 Advanced Encryption Techniques<br \/>\n\u2022 Dynamic API Loading<br \/>\n\u2022 Hidden In Plain Sight: Malware Steganography<\/p>\n<p><strong>Network Obfuscation: Bypass IDS, IPS, NDR, and Machine learning-based tools<\/strong><br \/>\n\u2022 Network Data Encryption<br \/>\n\u2022 Hidden In Plain Sight 01: HTML Smuggling<br \/>\n\u2022 Hidden In Plain Sight 02: Steganography<br \/>\n\u2022 HTTPS Communication<br \/>\n\u2022 Using legitimate websites for communications<br \/>\n\u2022 DNS Flux and DNS over HTTPS<br \/>\n\u2022 Other Protocols &amp; Channels (ICMP, DNS)<\/p>\n<p><strong>Bypass EDRs &amp; Behavioral-Based Detection <\/strong><br \/>\n\u2022 Process Injection &amp; DLL Injection<br \/>\n\u2022 Sysmon &amp; EDR Bypass Techniques<br \/>\n\u2022 Unhook EDR APIs<br \/>\n\u2022 Invisible Process Injection Without Alerting EDRs<br \/>\n\u2022 AppLocker and Application Whitelisting Bypass Techniques<br \/>\n\u2022 Sign your malware with a trusted certificate<\/p>\n<p>&nbsp;<\/p>\n<h5>DAY 4:<\/h5>\n<p><strong>Impersonating Users: Credential 
Theft &amp; Token Impersonation<\/strong><br \/>\n\u2022 Credential Theft using lsass memory dump<br \/>\n\u2022 Bypass lsass protection<br \/>\n\u2022 Token Impersonation &amp; Logon Types Overview<br \/>\n\u2022 Token Impersonation implementation in your malware<br \/>\n\u2022 Steal Remote Desktop Sessions<br \/>\n\u2022 Lateral movement using Caldera and your agent<\/p>\n<p><strong>Hack the Domain Controller Through Lateral Movements<\/strong><br \/>\n\u2022 Using WMIC &amp; PowerShell to gather users and network information<br \/>\n\u2022 Understand domain account permissions and access level<br \/>\n\u2022 NTLM Attacks: Pass The Hash<br \/>\n\u2022 Kerberos Attacks: Pass The Ticket<br \/>\n\u2022 Kerberos Attacks: Overpass The Hash<br \/>\n\u2022 Silver &amp; Golden Tickets<br \/>\n\u2022 Lateral movement using Scheduled tasks<br \/>\n\u2022 Lateral movement using Remote COM Objects<br \/>\n\u2022 Lateral movement using WMIC &amp; PowerShell Remoting<\/p>\n<h5><\/h5>\n","protected":false},"excerpt":{"rendered":"<p>ATTEND IN-PERSON: Onsite in Phuket DATE: 21-24 August 2023 TIME: 09:00 to 17:00 ICT\/GMT+7 Date Day Time Duration 21 Aug Monday 0900-17:00 ICT\/GMT+7 8 Hours 22 Aug Tuesday 0900-17:00 ICT\/GMT+7 8 Hours 23 Aug Wednesday 0900-17:00 ICT\/GMT+7 8 Hours 24 Aug Thursday 0900-17:00 ICT\/GMT+7 8 Hours Advanced Red Teaming: Weaponization &amp; Adversary Simulation is a [&hellip;]<\/p>\n","protected":false},"featured_media":11738,"template":"","meta":{"_acf_changed":false},"product_cat":[59,77,57],"product_tag":[],"class_list":{"0":"post-11739","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-4-day-training","7":"product_cat-hitb2023hkt","8":"product_cat-in-person","10":"first","11":"instock","12":"featured","13":"shipping-taxable","14":"purchasable","15":"product-type-simple"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ 
-->\n<title>Practical Red Teaming: Weaponization &amp; Adversary Simulation - HITB (in)Cyber 2024 - Abu Dhabi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Practical Red Teaming: Weaponization &amp; Adversary Simulation - HITB (in)Cyber 2024 - Abu Dhabi\" \/>\n<meta property=\"og:description\" content=\"ATTEND IN-PERSON: Onsite in Phuket DATE: 21-24 August 2023 TIME: 09:00 to 17:00 ICT\/GMT+7 Date Day Time Duration 21 Aug Monday 0900-17:00 ICT\/GMT+7 8 Hours 22 Aug Tuesday 0900-17:00 ICT\/GMT+7 8 Hours 23 Aug Wednesday 0900-17:00 ICT\/GMT+7 8 Hours 24 Aug Thursday 0900-17:00 ICT\/GMT+7 8 Hours Advanced Red Teaming: Weaponization &amp; Adversary Simulation is a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/\" \/>\n<meta property=\"og:site_name\" content=\"HITB (in)Cyber 2024 - Abu Dhabi\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-07T07:18:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/\",\"name\":\"Practical Red Teaming: Weaponization &amp; Adversary Simulation - HITB (in)Cyber 2024 - Abu Dhabi\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg\",\"datePublished\":\"2023-03-20T08:29:10+00:00\",\"dateModified\":\"2023-07-07T07:18:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#primaryimage\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg\",\"contentUrl\":\"https:\/\/conference.hitb.org\/hi
tbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg\",\"width\":1200,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shop\",\"item\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/shop\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Practical Red Teaming: Weaponization &amp; Adversary Simulation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/\",\"name\":\"HITB (in)Cyber 2024 - Abu Dhabi\",\"description\":\"May 14 - 16, Etihad Arena \",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Practical Red Teaming: Weaponization &amp; Adversary Simulation - HITB (in)Cyber 2024 - Abu Dhabi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/","og_locale":"en_US","og_type":"article","og_title":"Practical Red Teaming: Weaponization &amp; Adversary Simulation - HITB (in)Cyber 2024 - Abu Dhabi","og_description":"ATTEND IN-PERSON: Onsite in Phuket DATE: 21-24 August 2023 TIME: 09:00 to 17:00 ICT\/GMT+7 Date Day Time Duration 21 Aug Monday 0900-17:00 ICT\/GMT+7 8 Hours 22 Aug Tuesday 0900-17:00 ICT\/GMT+7 8 Hours 23 Aug Wednesday 0900-17:00 ICT\/GMT+7 8 Hours 24 Aug Thursday 0900-17:00 ICT\/GMT+7 8 Hours Advanced Red Teaming: Weaponization &amp; Adversary Simulation is a [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/","og_site_name":"HITB (in)Cyber 2024 - Abu Dhabi","article_modified_time":"2023-07-07T07:18:45+00:00","og_image":[{"width":1200,"height":900,"url":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/","name":"Practical Red Teaming: Weaponization &amp; Adversary Simulation - HITB (in)Cyber 2024 - Abu Dhabi","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#primaryimage"},"image":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#primaryimage"},"thumbnailUrl":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg","datePublished":"2023-03-20T08:29:10+00:00","dateModified":"2023-07-07T07:18:45+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teaming-weaponization-adversary-simulation-hitb2023hkt\/#primaryimage","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg","contentUrl":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-content\/uploads\/sites\/21\/2023\/03\/2.jpg","width":1200,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/product\/practical-red-teami
ng-weaponization-adversary-simulation-hitb2023hkt\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbincyber2024\/"},{"@type":"ListItem","position":2,"name":"Shop","item":"https:\/\/conference.hitb.org\/hitbincyber2024\/shop\/"},{"@type":"ListItem","position":3,"name":"Practical Red Teaming: Weaponization &amp; Adversary Simulation"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/#website","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/","name":"HITB (in)Cyber 2024 - Abu Dhabi","description":"May 14 - 16, Etihad Arena ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbincyber2024\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/product\/11739"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/media\/11738"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/media?parent=11739"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/product_cat?post=11739"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/product_tag?post=11739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}