About The Training
Berlin 2025 | Trainings
< Training Title />
AdversaryOps: Engineering Red Team Tradecraft
< Training Schedule />
Start Date: Mar 02, 2026
End Date: Mar 04, 2026
< Training Objectives />
As the cyber threat landscape rapidly evolves, traditional security postures are increasingly insufficient. This training delivers the cutting-edge offensive tradecraft essential for identifying, understanding, and mitigating the most advanced persistent threats.
StealthOps: Adversary Emulation & Enterprise Control Bypass meticulously deconstructs modern threat actor methodologies. You'll master real-world APT Tactics, Techniques, and Procedures (TTPs) to silently circumvent hardened, patched, and actively monitored enterprise environments. From developing custom offensive tooling and resilient infrastructure to bypassing sophisticated host, network, and cloud security controls, this training provides the elite tradecraft and adversarial mindset.
Whether you are simulating advanced attacks or assessing your own environment’s resilience, this training provides the tradecraft, mindset, and tooling to operate like a real adversary.
NOTE: After the training, all participants will be provided with CWL Enterprise Security Controls Attack Specialist (CESC-AS) course access and 30 days of lab access to the Simulated HealthCare Cyber Range Lab.
< Training Level />
Basic; Intermediate
< Training Outlines />
Module 1: Red Team Resource Development & TTPs
- OPSEC-Safe Red Team Infrastructure
- On-Premise: Reverse Proxies and Custom VPN Tunneling
- Cloud: Redirectors in AWS, Azure & GCP
- Phishing Infrastructure
- OAuth Device Code Exploitation
- Utilizing Serverless Infrastructure for Phishing
- Red Team Infrastructure Automation via RedInfraCraft
- Initial Access Security Controls
- Working Initial Access Vectors
- Advanced Persistent Threat (APT) TTPs
- Backdooring VS Code Packages
- DOTNET Serialization with Initial Access TTP [Lab]
- Backdooring MSIs [Lab]
- LNK TTP with Parent Process De-Chaining [Lab]
Module 2: Tradecraft Development for Offensive Operations
- Tampering with a Productivity App [Lab]
- CSharp Essentials [Labs]
- Offensive C# Tradecraft [Labs]
- Windows API Essentials
- Utilizing Windows API for Red Team Profit [Lab]
Module 3: Evading Controls
- AMSI, CLM, Script Block Logging, ASR Rules Bypasses [Lab]
- Fileless UAC Bypass [Lab]
- Application Whitelisting: AppLocker, App Controls
- Credential Access
- Browser-based: Chrome & Firefox [Lab]
- Windows-based:
- PS-Readline Module
- Custom C# Dumper
- Bonus Access to Private Credential Dumper Tool
Module 4: Advanced Evasion & Telemetry Bypass
- Introduction to Telemetry Collection
- ETW & EDR Basics
- ETW Patching [Lab]
- AMSI + ETW Patching [Lab]
- General Evasion Areas [Lab]
- Native APIs
- Unhooking by Patching
- DLL Unhooking
- Direct Syscalls
< Course Outlines />
Training preview:
Step inside the StealthOps: Adversary Emulation & Enterprise Control Bypass experience. This preview illuminates the practical application of cutting-edge offensive security. Discover how resilient Red Team infrastructure is established, observe the development of evasive tooling, and comprehend the detailed steps involved in circumventing complex host, network, and cloud security controls. See firsthand the depth of technical expertise and the adversarial mindset you will cultivate to elevate your offensive and defensive capabilities against the most formidable threats.
< WHAT TO BRING? />
- A system with at least 16 GB RAM and VMware Workstation installed
- Attacker Linux box [Parrot/Kali] with Internet connectivity (NAT mode)
- The Windows-based StealthOps VM (NAT mode). The attacker and Windows machines must be able to ping each other.
- Free-tier AWS, Azure account (optional; those who bring one can do the first-day demos, and it is not required on the other days)
(The CWL team will share training materials (customized VM) and lab setup details 10 days prior to the training date.)
< Training PREREQUISITE />
- Candidates with at least 2-3 years of pentesting experience
- Comfortable with command line environment and terminals
- Basic understanding of Python language
- Fair knowledge of Penetration Testing Methodology (MITRE Enterprise Framework)
< WHO SHOULD ATTEND? />
- Penetration Testers & Red Team Operators
- Infrastructure & Cloud Security Engineers
- Security Architects & Engineers
- SOC analysts
- Threat Hunting Team
- Last but not least, anyone who is interested in strengthening their offensive and detection capabilities
< WHAT TO EXPECT? />
- Technical deep dive into OPSEC-safe infrastructure for red teams
- Hands-on practice from red team resource development to execution
- How NOT to set up the infrastructure and critical resources
- Lots of red team ideas with open discussion
< WHAT ATTENDEES WILL GET? />
- Virtual machine infrastructure provided by trainers, all course material including commands, slides, and enterprise lab walkthrough.
- 30 days of lab access to Simulated HealthCare Cyber Range Lab.
- CWL Enterprise Security Controls Attack Specialist (CESC-AS) course access.
< WHAT NOT TO EXPECT? />
- N-day or 0-day of any commercial / open source software
- Requests to create any custom bypasses / evasion software
- Theoretical content (nearly 80% of the training is practical)
< About the Trainer />
Manish Gupta, CEO at CyberWarFare Labs, possesses over 10.5 years of expertise in offensive Information Security. He previously served as a Red Team Operator and Team Lead at leading MNCs including Microsoft, Grab, and Citrix. Manish specializes in advanced Red Teaming activities across complex enterprise environments, encompassing both on-premise and multi-cloud infrastructures. His research focuses on real-world cyber attack simulation and Advanced Persistent Threat (APT) methodologies. A recognized expert, Manish has presented his findings at prestigious conferences such as Black Hat, DEF CON, Nullcon, BSides Chapters, X33fcon Poland, and NorthSec.
Yash Bharadwaj, Security R&D Director at CyberWarFare Labs, brings over 8.5 years of expertise in offensive security and threat emulation. He specializes in the discovery and operationalization of novel TTPs, developing advanced Red/Blue Team infrastructure, dissecting security control internals, and exploiting multi-cloud and on-premise environments. Yash is a recognized industry contributor, having delivered expert Red, Blue, and Purple Team training at leading global events including Black Hat, DEF CON, Nullcon, X33fcon, NorthSec, and various BSides and OWASP chapters.