Abstract: In reality penetration testing and red teaming are NOT synonyms. It’s one thing to search for vulnerabilities, but it’s entirely different when you operate in that fuzzy space between simulating an adversary and being the adversary. Welcome to the Modern Red Team Immersion Bootcamp where the focus is on strategy and realistic execution rather than tools and vulnerability findings.

In this training students will dive headfirst, immersing themselves, into a pool of deliberate self-doubt, mental masochism, and tactical triumph. Those crazy enough will find themselves knee deep in recon and attack planning against a target of their choosing and will engage in the subtle art of balancing the liberty of a true no-scope-yoloswag red team engagement with the need to achieve a specific desired impact, normally that means stealing the most important stuff without getting caught. Students can expect to be challenged to know their enemy, define impactful targets, craft a fool proof targeted spear phish, get up in that west coast post exploitation vector swag, exfiltrate that sweet big data booty, and more! Not to worry, nothing illegal will be permitted.

Fancy words aside, this class is designed to throw you into the exact process we use on our Red Team engagements. You will be performing recon and developing an attack strategy against an actual target of your choosing. In post exploitation labs expect to attack OSX/Linux environments modeled around what we encounter most often in the real world.

Requirements:

Some familiarity with basic penetration testing concepts will be helpful but is not absolutely required. Proficiency using a command line and search engine in conjunction to solve problems is highly recommended to enjoy the class. Access to an OSX/Linux laptop or virtual machine with internet connection is required to access labs and complete course content. (Internet Access is provided)

Class Outline:

Day 1: Get in by any means necessary

• Part 1: The Art of Yolo-Scoping
• Part 2: Pick a Target
• Part 3: Recon
  • General Recon
  • Perimeter Recon
  • Social Recon
  • Physical Recon
  • Historical Recon
  • Capability Recon
  • God Mode Cheats
• Part 4: Perimeter Breach
  • Make it Happen

Day 2: Steal everything by any means necessary

• Part 5: Escalation
  • Escalation Paths from a user
  • Escalation Paths from a server
• Part 6: Lateral Movement
• Part 7: Persistence
• Part 8: Exfiltration
  • Getting data out without egress filtering
  • Getting around egress filtering
• Part 9: Anti-Incident Response
• Part 10: Writing Malware (time permitting)

Class is BYOB, instructor accepts bribes.

Bio:

Josh Schwartz, @FuzzyNop, is a computer that knows how to computer. He leads the Offensive Security Program at Salesforce and doesn’t afraid of anything.