SANS SEC564: Red Team Operations and Threat Emulation

The SANS Institute is one of the most reputable and largest providers of cybersecurity training courses in the world. It offers courses in a range of specializations, including penetration testing, computer crime, network security, and systems auditing. SANS certifications are issued by GIAC.

Download link for SANS SEC564: Red Team Operations and Threat Emulation 2017

Download – size: 61 MB


Red Teaming is the process of using tactics, techniques, and procedures (TTPs) to emulate real-world threats to train and measure the effectiveness of the people, processes, and technology used to defend environments. Built on the fundamentals of penetration testing, Red Teaming uses a comprehensive approach to gain insight into an organization’s overall security to test its ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities significantly improve an organization’s security controls, help hone defensive capabilities, and measure the effectiveness of security operations.

The Red Team concept requires a different approach from a typical security test and relies heavily on well-defined TTPs, which are critical to successfully emulating a realistic threat or adversary. Red Team results exceed a typical list of penetration test vulnerabilities, provide a deeper understanding of how an organization would perform against an actual threat, and identify where security strengths and weaknesses exist.

Whether you support a defensive or offensive role in security, understanding how Red Teams can be used to improve security is extremely valuable. Organizations spend a great deal of time and money on the security of their systems, and it is critical to have professionals who can effectively and efficiently operate them. SEC564 will provide you with the skills to manage and operate a Red Team, conduct Red Team engagements, and understand the role of a Red Team and its importance in security testing. This two-day course will explore Red Team concepts in depth, provide the fundamentals of threat emulation, and help you reinforce your organization’s security posture.

SEC564.1: Planning and Management of Red Team Operations


Day 1 begins by introducing Red Team topics, concepts, and ideas. You will learn what Red Teaming is, how it is used, and how it compares to other security testing types, such as vulnerability assessments and penetration tests. Several topics, concepts, and ideas that are specific to Red Teams, and which constitute the critical foundation of Red Teaming, are examined in order to provide a solid base of understanding.

  • Adversarial Mindset Challenge
  • Setting up an Attack Platform
  • Analyzing, Understanding, and Controlling User-Agent IOCs
  • Decomposing a Threat
  • Red Teaming Definitions, Assumptions, and Expectations
  • Common Red Teaming Terms
  • Security Misconceptions and Assumptions
  • History and Origin
  • Red Teaming Introductions
  • How Red Teaming Compares to Other Security Tests
  • Red Team’s Role in Blue Team Training
  • Live Assessment Example
  • Red Teaming Concepts
  • Red Team Roles and Responsibilities
  • Standard Attack Platform
  • Engagement Planning
  • Understanding and Controlling Tool Indicators
  • Threat Planning
  • Threat Perspective
  • Threat Emulation Scenarios
  • Red Team Goals
  • Social Engineering
  • Other Red Team Engagement Concepts
  • Handling Client Data
  • Engagement Frequency
  • How to Succeed

SEC564.2: Red Team Engagement Execution


Day 2 continues with engagement execution and a focus on Red Team tools and techniques. The day is filled with exercises that walk students through a mock Red Team engagement. Multiple Red Teaming phases are explored that use realistic TTPs to ultimately impact the target organization’s supply chain. During the exercises, you manage and control indicators of compromise (IOCs), design custom command and control channels, and use unique command and control tools. You will also learn Red Teaming concepts needed to control and manage a Red Team. These concepts include how to interface with clients, collect and log engagement artifacts, successfully execute an engagement, manage deconfliction, properly end an engagement, and deliver a professional report.

  • Using Web Shells to Support C2
  • C2 Design and Customization – PowerShell Empire
  • Performing an Operational Impact Against an ICS System
  • Red Team Engagement Execution
  • Data Collection
  • Tradecraft and TTPs
  • Execution Concepts
  • Tools and Techniques
  • Engagement Background
  • Engagement Culmination
  • Red Team Engagement Reporting
  • Design

