Overview

The CRTP: Certified Red Team Professional course focuses on “offense-in-depth”, the ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques.

CRTP immerses students in a single simulated enterprise environment, with multiple VMs, up-to-date and patched operating systems, and defenses. In keeping with the assumed breach mentality, the course provides detailed attacker tradecraft post initial access, which includes performing host situational awareness and “safety checks”, escalation privileges locally, breaking out of the beachhead, performing advanced lateral movement, escalating in Active Directory, performing advanced Kerberos attacks, and achieving red team objectives via data mining and exfiltration.

The course is fast paced and highly intensive, teaching delegates an in-depth methodology and approach while operating as a professional Red Teamer. We not only show delegates how to perform advanced red team tactics, techniques and procedures (TTP’s) but further cover how to run a successful end-to-end engagement with a focus on operational security and risk.

Skills Covered

  • Understand the MITRE ATT&CK Framework with details on techniques, tactics, and procedures (TTP) commonly used by threat actors as this can be used as a reference during Red Teaming.
  • Understand the core concepts of adversary simulation, command & control, and how to plan an engagement.
  • Learn about each stage of the attack lifecycle from initial compromise to full domain takeover, data hunting, and data exfiltration.
  • Learn to mimic the offensive hacker mindset and think outside the box and come up with new attack vectors and approaches
  • Discover and leverage vulnerabilities towards take over and data breach
  • Perform post-exploitation tasks such as host and network reconnaissance, Pivot to n-tiered networks, and establish persistence.
  • Perform Active Directory attacks such as kerberoasting, ASREP, abuse unconstrained delegation and exploit insecure ACLs, and move laterally across a Windows estate.
  • Perform a comprehensive red team operation penetration test, from reconnaissance to establishing a foothold and maintaining a covert presence.

Who Should Attend

  • Red Teamers
  • Bug Bounty Hunters
  • Security Analysts
  • Vulnerability Assessors
  • Penetration Testers
  • IT Security Professionals
  • Security Consultants
  • Blue Team members, Defenders, and Forensic Analyst
  • Anyone who wants to learn the Offensive side of Cyber Security

Course Curriculum

Prerequisites

  • Cybertronium Certified Penetration Tester or other Pentest certifications OR A thorough understanding of Penetration Tests and Security Assessments
  • Networking Basics
  • Understanding & Navigating Different OSes like Windows, Linux
  • Prior knowledge on OWASP TOP 10
  • Knowledge of Active Directory

Download Syllabus