About The Training

As the cyber threat landscape rapidly evolves, traditional security postures are increasingly insufficient. This training delivers the cutting-edge offensive tradecraft essential for identifying, understanding, and mitigating the most advanced persistent threats.

StealthOps: Adversary Emulation & Enterprise Control Bypass meticulously deconstructs modern threat actor methodologies. You'll master real-world APT Tactics, Techniques, and Procedures (TTPs) to silently circumvent hardened, patched, and actively monitored enterprise environments. From developing custom offensive tooling and resilient infrastructure to bypassing sophisticated host, network, and cloud security controls, this training provides the elite tradecraft and adversarial mindset.

Whether you are simulating advanced attacks or assessing your own environment’s resilience, this training provides the tradecraft, mindset, and tooling to operate like a real adversary.

NOTE: All participants post training will be provided with CWL Enterprise Security Controls Attack Specialist (CESC-AS) course access. 30 days of lab access to Simulated HealthCare Cyber Range Lab.

Basic;Intermediate

Module 1: Red Team Resource Development & TTPs

• OPSEC-Safe Red Team Infrastructure
  • On-Premise: Reverse Proxies and Custom VPN Tunneling
  • Cloud: Redirectors in AWS, Azure & GCP
• Phishing Infrastructure
  • OAuth Device Code Exploitation
  •  Utilizing Serverless Infrastructure for Phishing
  •  Red Team Infrastructure Automation via RedInfraCraft
  •  Initial Access Security Controls
  •  Working Initial Access Vectors
• Advanced Persistent Threat (APT) TTPs
  • Backdooring VS Code Packages
  •  DOTNET Serialization with Initial Access TTP [Lab]
  •  Backdooring MSIs [Lab]
  •  LNK TTP with Parent Process De-Chaining [Lab]

Module 2: Tradecraft Development for Offensive Operations

• Tampering with a Productivity App [Lab]
• CSharp Essentials [Labs]
•  Offensive C# Tradecraft [Labs] Windows API Essentials
• Utilizing Windows API for Red Team Profit [Lab]

Module 3: Evading Controls

• AMSI, CLM, Script Block Logging, ASR Rules Bypasses [Lab]
• Fileless UAC Bypass [Lab]
•  Application Whitelisting: AppLocker, App Controls
• Credential Access
  • Browser-based: Chrome & Firefox [Lab]
  •  Windows-based:
  •  PS-Readline Module
  •  Custom C# Dumper
  •  Bonus Access to Private Credential Dumper Tool

Module 4: Advanced Evasion & Telemetry Bypass

• Introduction to Telemetry Collection
• ETW & EDR Basics
•  ETW Patching [Lab]
•  AMSI + ETW Patching [Lab]
•  General Evasion Areas [Lab]
•  Native APIs
•  Unhooking by Patching
•  DLL Unhooking
•  Direct Syscalls

Training preview:

Step inside the StealthOps: Adversary Emulation & Enterprise Control Bypass experience. This preview illuminates the practical application of cutting-edge offensive security. Discover how resilient Red Team infrastructure is established, observe the development of evasive tooling, and comprehend the detailed steps involved in circumventing complex host, network, and cloud security controls. See firsthand the depth of technical expertise and the adversarial mindset you will cultivate to elevate your offensive and defensive capabilities against the most formidable threats.

Hashtags:

#RedTeamTraining #AdversaryEmulation #Nullcon #StealthOps #OffensiveSecurity #EDRBypass #APT_TTPs #CyberWarFareLabs #CyberSecurity

• System with at least 16GB RAM having VMWare workstation installed
• Attacker Linux Box [Parrot/kali] with Internet Connectivity (NAT mode)
• The Windows based StealthOps VM (NAT mode). Attacker & Windows must ping each other.
• Free tier AWS, Azure account (optional, those who bring can do 1st day demos, other days not required)

(CWL team will share Training Materials (customized VM) & Lab Setup Details 10 days prior to the training date.)

• Candidates with at least 2-3 years of pentesting experience
• Comfortable with command line environment and terminals
• Basic understanding of Python language
• Fair knowledge of Penetration Testing Methodology (MITRE Enterprise Framework)

• Penetration Testers & Red Team Operators
• Infrastructure & Cloud Security Engineers
• Security Architects & Engineers
• SOC analysts
•  Threat Hunting Team
• Last but not the least, anyone who is interested in strengthening their offensive and detection capabilities

• Technical deep dive to OPSEC safe Infrastructure for red teams
• Hands-on of red team resource development to execution
• How NOT to setup the infrastructure and critical resources
• Lots of red team ideas with open discussion

• Virtual machine infrastructure provided by trainers, all course material including commands, slides, and enterprise lab walkthrough.
• 30 days of lab access to Simulated HealthCare Cyber Range Lab.
• CWL Enterprise Security Controls Attack Specialist (CESC-AS) course access.

• N Day or 0 Day of any commercial / open source software
• Request to create any custom bypasses / evasion software
• Theoretical content (nearly 80% of the training is practical)