Red Teaming is the process of using tactics, techniques, and procedures (TTPs) to emulate real-world threats in order to train and measure the effectiveness of the people, processes, and technology used to defend environments. Built on the fundamentals of penetration testing, Red Teaming uses a comprehensive approach to gain insight into an organization's overall security in order to test its ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities significantly improve an organization's security controls, hone its defensive capabilities, and measure the effectiveness of its security operations.
The Red Team concept requires a different approach from a typical security test and relies heavily on well-defined TTPs, which are critical to successfully emulate a realistic threat or adversary. Red Team results exceed a typical list of penetration test vulnerabilities, provide a deeper understanding of how an organization would perform against an actual threat, and identify where security strengths and weaknesses exist.
Whether you support a defensive or offensive role in security, understanding how Red Teams can be used to improve security is extremely valuable. Organizations spend a great deal of time and money on the security of their systems, and it is critical to have professionals who can effectively and efficiently operate those systems. SEC564 will provide you with the skills to manage and operate a Red Team, conduct Red Team engagements, and understand the role of a Red Team and its importance in security testing. This two-day course will explore Red Team concepts in depth, provide the fundamentals of threat emulation, and help you reinforce your organization's security posture.
Course Syllabus
SEC564.1: Introduction, Planning, and Management of Red Team Operations
Overview
Day 1 begins by introducing Red Team topics, concepts, and ideas. You will learn what Red Teaming is, how it is used, and how it compares to other security testing types, such as vulnerability assessments and penetration tests. Several topics, concepts, and ideas that are specific to Red Teams, and which constitute the critical foundation of Red Teaming, are examined in order to provide a solid base of understanding.
Exercises
CPE/CMU Credits: 6
Topics
SEC564.2: Red Team Engagement Execution
Overview
Day 2 continues with engagement execution and a focus on Red Team tools and techniques. The day is filled with exercises that walk students through a mock Red Team engagement. Multiple Red Teaming phases are explored that use realistic TTPs to ultimately impact the target organization's supply chain. During the exercises, you manage and control indicators of compromise, design custom command and control channels, and use unique command and control tools. You will also learn Red Teaming concepts needed to control and manage a Red Team. These concepts include how to interface with clients, collect and log engagement artifacts, successfully execute an engagement, manage deconfliction, properly end an engagement, and deliver a professional report.
Exercises
CPE/CMU Credits: 6
Topics
Who Should Attend
Prerequisites
The concepts and exercises in this course are built on the fundamentals of offensive security. An understanding of general penetration testing concepts and tools is encouraged, and a background in security fundamentals will provide a solid base upon which to build Red Teaming concepts.
Many of the Red Teaming concepts taught in this course are suitable for anyone in the security community, and both technical staff and management personnel will be able to gain a deeper understanding of Red Teaming.
You Will Receive With This Course
This Course Will Prepare You To