Link Search Menu Expand Document

Red Team Adversary Emulation Lab - Tax First Labz by Yaksas CSC

Tax First Labz (TFL) is a rising name in the world of FinTech startups. Started in 2017 by two college friends, their customer base has grown at a rapid scale in the last two years. Recently, they noticed some unusual activity in their network and suspect that their might be something fishy going on. In order to speed up their investigation, they decided to crowd-source the issue to the cybersecurity community.

This lab is part of the course Red Team Adversary Emulation by Yaksas CSC. In this course, you will look at an organization’s security from a real-world adversary perspective. You are hired by a FinTech startup, Tax First Labz ( to conduct an adversary emulation exercise and steal their customer data (before an actual adversary). This exercise assumes zero knowledge about the target network.

In this lab, you will mimic a real world cyber attack with a specific objective, stealing Tax Fist Labz customer data. You will follow the Red Team Operations Attack Lifecycle to conduct this exercise. You will go through each phase in a step-by-step manner and build our attack path as you move ahead. You will employee a variety of techniques, such as

  • Active and passive information gathering
  • Weaponizing an exploit
  • Internal reconnaissance
  • Brute-forcing Exchange server via custom username and password lists
  • Spear phishing a senior employee
  • Privilege Escalation (Linux and Windows)
  • Automated Active Directory domain enumeration
  • Persistence via command and control center
  • Active Directory attacks
  • Pivoting
  • Data Exfilteration

This is a beginner friendly course and lab. If you have just started your career in offensive cybersecurity or are preparing for penetration testing exams (OSCP, eJPT, eCPT, eCPTx, CRTP, CRTO etc.) then this course is for you. If you are already a penetration tester or a red teamer, you will enjoy following a live adversary emulation exercise from scope creation to reporting.

Lab access and duration

Students will be provided access to a pre-configured attacker machine (Kali Linux) via browser-based interface (Apache Guacamole). This machine contains all tools required to attack the target organization and exfilterate the data.

The lab is currently in alpha testing. Students participating in alpha testing will be provided 8 hours free of cost access to the lab. This means once the lab is provisioned it will be active for 8 hours. Student will not be able to stop or pause the lab. However, students can request to revert / reboot machines via the support channels.


Lab support will be provided via Discord. Please join Yaksas CSC Discord server.