Introduction:

Adversaries are continually evolving and developing more sophisticated attacks, so professionals in this field must be adept at both offensive and defensive strategies to detect them effectively. This comprehensive training program immerses participants in realistic cyber attack simulations and includes hands-on exercises in detection and response.

Participants will simulate attack scenarios targeting Web, Network, Host, Active Directory, and Cloud environments. They will investigate root causes, identify attack patterns, and develop baseline detection rules. The program also provides opportunities to work with advanced security tools and technologies, exercising joint red and blue team techniques to build a thorough understanding of adversarial tactics.

Red Team Highlights

  • Perform Breach and Attack Simulation
  • Enhance Stealth Skills
  • Simulate Attacks Across Various Environments

Blue Team Highlights

  • Hands-on Investigations
  • Understand Offensive Operations
  • Enhance Real-Time Investigation Skills

Table of Contents

  1. Purple teaming 101
    • Introduction to Purple Team Operations
    • Enterprise Purple Teaming
    • Market Standards & Execution
      • MITRE ATT&CK & MITRE D3FEND
  2. CWL Lab Infrastructure
    • Architectural Summary of Investigative Infrastructure
    • Purple Team Challenges
    • Joint Offensive & Defensive Operation
  3. Web Application Attack & Detection
    • Vulnerabilities / Misconfigurations
      • Brute Forcing
      • SQLi
      • LFI/RFI
      • RCE
      • SSRF
      • Log4j
    • Web Application Purple Team Case Study [Exercise]
  4. Network Attack & Detection
    • Network Enumeration
      • Nmap
        • TCP SYN scan
        • UDP scans
        • Vulnerability scan
    • Network Service Brute Forcing
      • SSH
      • RDP
      • SNMP
      • SMTP
      • WinRM
      • SMB
      • WMI
    • Network Pivoting: Proxychains
  5. Host Attack & Detection
    • Process Injection Techniques
      • Classic Process Injection
      • Asynchronous Procedure Call (APC) Injection
    • Suspicious Service Creation
    • Credential Dumping: LSASS & SAM
    • Privilege Escalation
      • PrintNightmare Vulnerability
      • Dirty Pipe CVE-2022-0847
      • pkexec CVE-2021-4034
  6. C2 Attack Simulation & Detection
    • Attack Simulation (Sliver)
      • Initial Access
      • Persistence
    • Detection
      • Host Investigation
        • PowerShell
        • Task Scheduler
      • Network Investigation
        • JA3 Fingerprinting
  7. Active Directory Attack & Detection
    • Recon & Initial Access
      • Password Spraying
      • AS-REP Roasting
      • Credential Relaying
    • Domain Privilege Escalation
      • Pass the Hash / Overpass the Hash
      • Pass the Ticket / Cache
      • Kerberoasting Attack
    • Persistence
      • Golden, Silver, Diamond Ticket
  8. Cloud Infra Attack & Detection
    • AWS
      • Privilege escalation using AssumeRole
      • S3 data exfiltration
      • EC2 security group modification
    • Azure
      • Entra ID: Service Principal credential creation
      • Storage container policy modification
      • VM NIC configuration modification
    • GCP
      • Service Account with higher privileges
      • Bucket object enumeration
      • Compute Engine snapshot
  9. Crafting Deceptive Defenses: Canary Tokens
    • On-premises
      • Deploying and testing canary tokens on-premises
    • Multi-Cloud
      • Deploying and testing canary tokens on AWS & Azure

Prerequisites:

  • Download and install the OpenVPN client
  • A machine with an up-to-date browser and internet access
  • Kali/Parrot VM in VMware Workstation Pro in NAT mode (internet access)
  • An Open Mind :)

NOTE: The team will share specific setup requirements 10 days before the training.

Attendee Takeaways:

  • Premium training materials + lab access (during the training)
  • Direct technical support over a Discord channel
  • Custom detection rules + investigative mind maps
  • A joint offensive and defensive mindset for tackling complex on-premises/cloud attacks

Duration

2 days