
The Syllabus

Day 2

Situational Awareness
+ Operational security
+ Environmental checks
+ Workstation assessment
+ Domain and network assessment
+ Attack and enumerating Active Directory
+ Abusing domain trusts
+ Bypassing 2FA
+ Understanding UAC
+ Lateral movement
+ Tactical withdrawal
+ Keeping a small footprint

Persistence
+ User land persistence
+ System level persistence
+ Miscellaneous persistence - Outlook Rules, domain based persistence, etc.
+ Creating custom binaries

Acting on Objectives
+ Introduction to objective based testing
+ Reconnaissance
+ Exploiting user permissions
+ Elevating permissions

Reporting & Logging
+ What to log
+ How to log it
+ Why logging is important
+ Tips for team collaboration

Day 3

Assault Course
Objective Based Red Team Assessment
+ Perform simulated phishing
+ Persistence
+ Multi-domain environment
+ Multi-layered network pivoting
+ Gold build vulnerabilities
+ Active Directory weaknesses

Wrap Up
+ End-to-end assault course run through
+ Course wrap up
+ War stories
+ Questions and answers

ADVANCED THREAT ACTOR SIMULATION
(RED TEAM TRAINING)
DELIVERED BY NETTITUDE'S RED TEAM

UK Head Office
Jephson Court, Tancred Close,
Leamington Spa, CV31 3RZ
0345 52 000 85
[email protected]
www.nettitude.com
What is this course?

This course aims to train an already inquisitive mind on how to operate and simulate real-world threat actors at various levels of sophistication. Candidates of the course will learn an in-depth methodology and approach, while operating at the standards required for a professional Red Teamer.

The tactics and techniques taught in this course are constantly updated; Nettitude's Red Team works side by side with Nettitude's Threat Intelligence Team to ensure Red Team operations are delivered with the utmost realism, "as real as it gets" from today's advanced threat actors.

The purpose of a Red Team engagement is primarily to assess an organization's ability to detect and respond to a real-world breach.

The latest tactics, techniques and procedures (TTPs) being used by real-world threat actors will be demonstrated on a practical level. This includes stealthily bypassing the defensive security controls that typically operate within modern enterprise environments.

The course includes both a theory element and substantial hands-on practical exercises, where the techniques learned can be practised in a training lab environment specifically designed to replicate a typical corporate network. The training lab environment is built with defensive security controls and countermeasures deployed, which will require the candidates to use their newly acquired skills to bypass them.

While the course focuses heavily on the latest offensive techniques used by a Red Team, it also covers common defensive techniques that are deployed by the Blue Team, such as host-based event logging and monitoring, strict egress filtering, application white-listing and various other endpoint protection controls.

"Offers excellent value for penetration testing consultants wanting to increase their knowledge and skill. It taught real-world effective simulated attack strategies, tools and techniques which I now use to conduct simulated attacks against our clients."
Kai Stimpson - Principal Security Consultant

Who is it for?

The course can be used to train both Red and Blue Teamers in the offensive techniques adopted by various threat actors, and to build a better understanding of how these techniques are used to bypass defensive measures and breach organizations' security around the globe.

Nettitude deliver this course at various cyber security conferences, as well as in-house for various organizations in the private and government sector. For in-house training, additional pre-training sessions can be delivered (in the form of webcasts) in order to bridge any knowledge gaps that may exist within the student base. This ensures that maximum value and knowledge are attained by the students during the delivery of the main course.

Nettitude's Advanced Threat Actor Simulation course best suits individuals with a general knowledge of offensive security and Microsoft Windows infrastructure within corporate environments. A basic knowledge of offensive and defensive tools would be beneficial but not mandatory.

"Great course content delivered by extremely knowledgeable red teamers. The practical lab was a great environment where newly learned techniques can be applied."
Sasha Raljic - Principal Security Consultant

Prerequisites

All candidates must bring their own laptop, capable of both Wi-Fi and Ethernet connections, in order to connect to the training lab network. The laptop should have the ability to run two Virtual Machines, preferably on VMWare. The student must have administrative rights over the laptop in order to install any software that may be required.

Laptop Hardware requirements:
• 8 GB RAM minimum
• Ethernet Adapter
• 50 GB of available HDD space

The Syllabus

Day 1

Introduction
+ Cyber Kill Chain
+ MITRE Attack Framework
+ Tactics, Techniques and Procedures (TTPs)

Scoping & Pre-Engagement
+ Purpose of a red team
+ Understanding the scope and objectives
+ Attribution
+ Legal

Reconnaissance & OSINT
+ Threat Intelligence
+ Automation
+ Tips and tricks
+ Active vs passive reconnaissance

Weaponisation
+ Introduction
+ Weaponisation handlers
+ Macro embedded office document (Auto_Run)
+ Macro embedded office document (Buttons)
+ OLE objects
+ HTA/MSHTA.exe
+ ClickOnce
+ Java applet
+ Document and application signing
+ PDF

Execution Methods
+ Bypassing whitelisting - living off the land
+ Certutil, MSbuild, Msiexec, Wmic, WScript, CScript, InstallUtil, etc.

C2 Infrastructure
+ C2 architecture
+ C2 proxy servers and rewrite rules
+ Perimeter controls
+ Controlling traffic and user behavior
+ Security controls
+ Proxy labs
+ Live experiences and bypass techniques
+ Domain reputation
+ Domain fronting
+ HTTP versus HTTPS and building certificates
+ Phishing setup
+ Email security (SPF, DKIM, DMARC)
+ Information leakage
+ Burner phones
+ C2 communication
+ C2 safety
+ Operational security

Delivery
+ Phishing, social engineering, USB, network devices, physical
+ Tracking delivery
+ Purchasing collateral and staying anonymous
