Course curriculum

  • 1

    MODULE 00: Welcome & Intro

    • Intro To The Training

    • Training Prerequisites

  • 2

    MODULE 01: APT Attacks & Red Team Infrastructure on AWS

  • 3

    MODULE 02: Phishing & Social Engineering Mastery

    • Step 01: Build Your Phishing Story

    • Step 02: Register Your Smartly Chosen Domains

    • Step 03: Craft Your First Phishing Campaign

    • Step 04: Bypass 2FA With Evilginx2

    • Labs & Slides

  • 4

    MODULE 03: Initial Access: Get your foot into the organization network

    • Spearphishing With Malicious Files

    • Spearphishing With Malicious Documents (Hands-on)

    • Advanced VBA Macros Techniques (Hands-on)

    • Simple Attack Payloads - Download and Execute

    • Different Techniques of Initial Access

    • Advanced Macros - COM Objects

    • Advanced Macros - XSL Stylesheets

    • Labs & Slides

  • 5

    MODULE 04: Write Your Own HTTP Malware

    • C++ Programming Refresher - Memory & Variables

    • C++ Programming Refresher - Conditional Jumps

    • C++ Programming Refresher - Windows APIs

    • Malware Development - Send a Request to C&C

    • Malware Development - Encode Our Messages with Base64

    • Malware Development - Send and Receive Messages

    • Labs & Slides

  • 6

    MODULE 05: Implement a Plugin Framework in your Malware With Keylogger Plugin

  • 7

    MODULE 06: ​Maintaining Persistence In-Depth (Advanced Techniques)

    • Maintaining Persistence - Keep Your Malware Running after Restart

    • Maintaining Persistence - Keep Your Malware Running after Restart Part 2

    • Maintaining Persistence - Advanced Techniques.

    • Maintaining Persistence (Hands-on)

    • Labs & Slides

  • 8

    MODULE 07: ​Rooting: Privilege Escalation Techniques

    • Privilege Escalation - UAC Bypass

    • Advanced Privilege Escalation Techniques

    • Privilege Escalation and UAC Bypass (Hands-on)

    • Privilege Escalation Tools - PowerSploit (Hands-on)

    • Labs & Slides

  • 9

    MODULE 08: Malware Obfuscation: Bypass File Signature Scanning

    • Defense Evasion - Strings Encryption (Hands-on)

    • Defense Evasion - API Obfuscation (Hands-on)

    • Defense Evasion - Bypass Signature based Tool Through Blending In

    • Labs & Slides

  • 10

    MODULE 09: Network Obfuscation: Bypass IDS, IPS, NDR and Machine learning based tools

    • Defense Evasion - Encrypt Your Traffic

    • Defense Evasion - Encrypt Your Traffic with RC4 (Hands-on)

    • Defense Evasion - Encrypt Your Traffic with RC4 Part 2 (Hands-on)

    • Defense Evasion - HTML Smuggling

    • Defense Evasion - HTML Smuggling (Hands-on)

    • Labs & Slides

  • 11

    MODULE 10: Bypass EDRs & Behavioral-Based Detection

    • Sandbox Bypassing and Process Injection

    • How EDR works, Intro To API Hooking

    • Bypassing EDR Technologies

    • Bypassing EDR Technologies (Hands-on)

    • AMSI Bypass (VBA and Powershell Protections)

    • Labs & Slides

  • 12

    MODULE 11: Impersonating Users: Credential Theft & Token Impersonalization

    • Authentication, Authorization & Logon Type

    • Stealing Credentials From lsass.exe

    • Bypassing lsass Protections

    • Token Impersonation

    • Token Impersonation (Hands-on)

    • Domain Controller NTDS.dit Credential Theft (Hands-on)

    • Labs & Slides

  • 13

    MODULE 12: Hack the Domain COntroller Through Lateral Movements

    • Active Directory Reconnaissance & Network Discovery

    • Lateral Movement - NTLM Attacks & Kerberos Authentication

    • Advanced Kerberos Attacks

    • Labs & Slides