Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Red Team Adversary Emulation: Mimicking a real-world cyber attack
Introduction
Course Introduction (3:14)
What is Adversary Emulation?
Red Teaming vs Adversary Emulation (1:41)
Who are we going to breach? (3:31)
Attack Methodology & Attack Path (3:07)
Introduction to MITRE ATT&CK framework
Summary (0:55)
Resources
Setting up the attacker machine and tools
Overview (0:46)
Setting up Kali Linux (4:56)
Install / Download Tools (8:42)
Setup the web server to make tools accessible from the target network (3:17)
Setup the note taking environment using Cherry Tree (2:17)
Summary (0:26)
Recon
Overview (0:38)
Recon (OSINT) (6:53)
Recon (Dirbuster) (3:42)
Summary (1:13)
Initial compromise
Overview (0:30)
Gaining foothold (6:04)
Summary (1:06)
Escalate Privileges
Overview (0:23)
Privilege Escalation Recon (2:42)
Dirty Cow Exploit 101 (1:03)
Escalating Privileges (2:59)
Summary (1:37)
Persistence
Overview (0:39)
Establishing persistence via PoshC2 (6:27)
The Three Command and Control Tiers
Summary (0:44)
Internal Recon
Overview (0:24)
Internal Recon (Host Discovery and Port Scanning) (5:25)
Summary (1:10)
Lateral Movement
Overview (0:28)
Generating custom username and password lists (8:57)
Brute-forcing Outlook Web App (3:54)
Phishing an employee (Social Engineering) (7:51)
Summary (1:43)
Lateral Movement – Privilege Escalation
Overview (0:35)
Privilege Escalation Recon using PowerUp (2:37)
Unquoted Service Path Vulnerability 101 (1:03)
Checking Permissions (4:12)
Escalating Privileges (6:45)
Establishing persistence via PoshC2 (3:20)
Summary (1:30)
Lateral Movement – Domain Enumeration
Overview (0:40)
Collecting Active Directory domain information using SharpHound (3:01)
Analyzing Active Directory domain information using BloodHound (10:13)
Summary (1:35)
Lateral Movement – Domain Privilege Escalation
Overview (0:29)
Dumping credentials via Mimikatz (4:42)
Over-Pass-The-Hash Attack (7:00)
Establishing persistence on Domain Controller via PoshC2 (0:55)
Summary (1:42)
Domain Lateral Movement & Data Analysis
Overview (0:21)
Dumping Credentials from Domain Controller (3:50)
Accessing Database Administrator's machine (7:19)
Summary (1:51)
Data Analysis & Data Exfiltration
Overview (0:22)
Converting SSH Private Key (3:27)
SSH Tunnels 101 (2:16)
Establishing a Dynamic SSH Tunnel (4:27)
Loot (9:32)
Summary (1:27)
Attack Path Recap
Attack Path Recap (6:12)
Attack Path mapping with MITRE ATT&CK (2:16)
Deleting Footprints
Overview (0:22)
Deleting footprints from the web server (6:44)
Deleting footprints from user machine (Part1) (1:35)
Deleting footprints from user machine (Part2) (1:57)
Deleting footprints from Domain Controller (1:19)
Deleting footprints from user machine (Part3) (3:04)
Summary (0:49)
Observations & Recommendations
Overview (0:14)
Observations (2:21)
Recommendations (5:24)
Engagement Report
Engagement Report (5:50)
Adversary Emulation Key Metrics
Course Resources & Feedback
Course Resources & Feedback (2:03)
Feedback
Conclusion
Conclusion (1:47)
Lab Setup
Red Team Adversary Emulation Lab Access (Tax First Labz) (4:53)
Fetching AWS Account ID (0:42)
Creating AWS IAM Account (3:52)
Subscribing to Apache Guacamole AMI (1:18)
Lab Management via AKSH (16:00)
Teach online with
Brute-forcing Outlook Web App
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock