In this course, we look at an organization’s security from a real-world adversary perspective. You are hired by a FinTech startup to conduct an adversary emulation exercise and steal their customer data (before an actual adversary). This exercise assumes zero knowledge about the target network.
This is a beginner friendly course. If you have just started your career in offensive cybersecurity or are preparing for penetration testing certifications like OSCP, eJPT, ePTP, CRTP etc. then this course is for you.
- How to plan and manage adversary emulation exercise - Difference between red teaming and adversary emulation - MITRE ATT&CK Framework - Red team operations attack lifecycle - How to conduct adversary emulation exercise on a live organization - Open Source Intelligence (OSINT) techniques to gather information - Weaponizing exploits to gain foothold into the network - Password brute-forcing using custom generated lists - Phishing an employee - Escalating Privileges on Linux and Windows systems - Active Directory enumeration using BloodHound - Active Directory attacks - Establishing persistence via PoshC2 (command and control center software) - Creating an engagement report