Adversary Emulation: Mimicking a real-world cyber attack

Name: Adversary Emulation: Mimicking a real-world cyber attack
Rating: 4.6 (26 reviews)

Learn how to perform red team adversary emulation exercises end-to-end

Created byUday Mittal

Last updated 2/2024

English

What you'll learn

How to plan and manage adversary emulation exercise
Difference between red teaming and adversary emulation
MITRE ATT&CK Framework
Red team operations attack lifecycle
How to conduct adversary emulation exercise on a live organization
Open Source Intelligence (OSINT) techniques to gather information
Weaponizing exploits to gain foothold into the network
Password brute-forcing using custom generated lists
Phishing an employee
Escalating Privileges on Linux and Windows systems
Active Directory enumeration using BloodHound
Active Directory attacks
Establishing persistence via PoshC2 (command and control center software)
Creating an engagement report

Course content

20 sections • 85 lectures • 4h 18m total length

Course Introduction3:14
Introduce learners to adversary emulation by simulating a fintech startup breach, covering active and passive information gathering, gaining a foothold, privilege escalation, and persistence via command-and-control software.
What is Adversary Emulation?0:48
Red Teaming vs Adversary Emulation1:41
Who are we going to breach?3:31
Attack Methodology & Attack Path3:07
Introduction to MITRE ATT&CK framework1:25
Summary0:55
Resources0:01

Overview0:46
Setting up Kali Linux4:56
Install / Download Tools8:42
Setup the web server to make tools accessible from the target network3:17
Setup the note taking environment using Cherry Tree2:17
Set up a note taking environment using Cherry Tree, a free, hierarchical note taking application, to store phase information from red team operations and organize subnodes for each site.
Summary0:26
Set up an attack environment by configuring a Linux machine, creating folders, and enabling scripting. Install tools for the exercise and create a node picking environment to centralize collected data.

Overview0:30
Gaining foothold6:04
Identify vulnerable WordPress plugins via scan and exploit unauthenticated file upload to gain remote code execution; demonstrate uploading a reverse shell to compromise a web server.
Summary1:06
Analyze how an unauthenticated vulnerability yielded a foothold and limited shell on a target website, then use an uploaded file to gain remote shell access in a simulated breach.

Requirements

Basic knowledge of Kali Linux
Basic knowledge of PowerShell
Basic understanding of penetration testing and red teaming
Red Teamer mindset

Description

Red Team Adversary Emulation, focuses on approaching an organization's security from the view of a real-world adversary. In this course, we perform a live Adversary Emulation exercise and try to steal customer data of a FinTech startup. We are hired by a FinTech startup to conduct an adversary emulation exercise and steal their customer data (before an actual adversary). This exercise assumes zero knowledge about the target network.

During an adversary emulation exercise we mimic a real world cyber attack with a specific objective, such as stealing customer data, launching a ransomware attack etc. This course follows the Red Team Operations Attack Lifecycle to conduct this exercise. We go through each phase in a step-by-step manner and build our attack path as we move ahead. We employee a variety of techniques, such as

Active and passive information gathering
Gaining foothold into the network
Host Discovery
Brute-forcing
Phishing
Privilege Escalation (Linux and Windows)
Automated Active Directory domain enumeration
Persistence via command and control center
Active Directory attacks

to achieve our objective. Upon completion of the exercise, we will prepare and submit a report to the organization's management.

This course also covers installation and usage of tools such as, PoshC2, Mentalist, BloodHound, Mimikatz, Metasploit, PowerUp, icacls, PowerShell etc.

This is a beginner friendly course. If you have just started your career in offensive cybersecurity or are preparing for penetration testing exams then this course is for you. If you are already a penetration tester or a red teamer, with a few years of experience under your belt, then you would already know most of the above mentioned techniques. However, if you are interested in witnessing a live adversary emulation exercise, please feel free to follow along.

Who this course is for:

Students curious about conducting a real-world security engagement
Students preparing for penetration testing certifications
Beginners in Red Teaming
Cybersecurity Professionals
Information Security Managers

Adversary Emulation: Mimicking a real-world cyber attack

What you'll learn

Explore related topics

Course content

Introduction8 lectures • 15min

Setting up the attacker machine and tools6 lectures • 20min

Lab Setup5 lectures • 27min

Recon4 lectures • 12min

Initial compromise3 lectures • 8min

Escalate Privileges5 lectures • 9min

Persistence4 lectures • 9min

Internal Recon3 lectures • 7min

Lateral Movement5 lectures • 23min

Lateral Movement – Privilege Escalation7 lectures • 20min

Requirements

Description

Who this course is for: