Red Teaming

Description:
This advanced three-month Red Teaming course is designed to provide participants with the skills required to simulate real-world adversarial attacks on an organization’s security infrastructure. Red Teaming involves conducting stealthy, persistent, and multi-vector attacks to test the effectiveness of security defenses and processes and the responsiveness of the Blue Team. Participants will learn to think like a hacker, use advanced tactics and techniques to exploit vulnerabilities in systems, networks, and human factors, and provide actionable insights to strengthen an organization’s security posture.

Syllabus:

  • Month 1:
    • Introduction to Red Teaming: Understanding the role of a Red Team, objectives, and how it differs from penetration testing.
    • Planning and Reconnaissance: Gathering intelligence using OSINT (Open Source Intelligence) and other reconnaissance methods.
    • Exploitation and Lateral Movement: Techniques for exploiting vulnerabilities in systems and moving laterally within networks.
    • Initial Access Tactics: Phishing, social engineering, and physical access methods to gain an initial foothold in the target environment.
  • Month 2:
    • Advanced Exploitation Techniques: Exploiting misconfigurations, privilege escalation, and pivoting within the network.
    • Command and Control (C2) Infrastructure: Setting up C2 frameworks (Cobalt Strike, Metasploit) and maintaining persistence in compromised environments.
    • Bypassing Security Controls: Techniques for evading firewalls, IDS/IPS, and endpoint detection and response (EDR) solutions.
    • Privilege Escalation and Persistence: Techniques for escalating privileges and maintaining long-term access in the environment.
  • Month 3:
    • Simulating Advanced Persistent Threats (APT): Carrying out multi-stage attacks that mimic APT groups.
    • Reporting and Documentation: Writing Red Team reports, explaining findings, and recommending remediation strategies.
    • Collaboration with Blue Teams: How Red Teams and Blue Teams work together in purple teaming exercises to improve defenses.
    • Post-Engagement Activities: Lessons learned, post-exploitation cleanup, and preventing detection during the attack lifecycle.

Training Material:
Participants will receive extensive PDF materials, including Red Team engagement templates, report writing guides, and access to practical labs. Both live and recorded sessions will be provided for hands-on exercises, demonstrations, and case studies.

Methodology:

  • Hands-on Labs: Practical labs will allow participants to set up C2 infrastructure, execute Red Team attacks, and test defenses in a controlled environment.
  • Live/Recorded Sessions: Weekly interactive sessions focusing on different phases of a Red Team engagement, including reconnaissance, exploitation, and post-exploitation.
  • Simulated Red Team Exercises: Realistic attack scenarios where participants will work through the stages of a Red Team operation, including stealthy tactics to evade detection.
  • Group Exercises and Expert Talks: Discussions and group exercises on how to outmaneuver Blue Teams and handle advanced security defenses.

Benefits:

  • Gain expertise in Red Team tactics, techniques, and procedures (TTPs), preparing participants for roles as Red Team operators or offensive security specialists.
  • Learn to plan and execute multi-vector attacks, providing comprehensive insights into how adversaries target organizations.
  • Get hands-on experience with industry-leading tools such as Cobalt Strike, Metasploit, and others used in Red Team engagements.
  • Improve collaboration with Blue Teams through Purple Teaming exercises, helping organizations to better defend against real-world cyber threats.