StealthOps: Red Team Tradecraft Targeting Enterprise Security Controls

$2,299.00

Duration

2 days

Delivery Method

virtual

Level

intermediate

Seats Available

20

REGISTRATION CLOSED

DATE: 15-16 May 2023

TIME: 11:30 to 19:30 IST/GMT+5.30

Date     Day      Time                          Duration
15 May   Monday   11:30 to 19:30 IST/GMT+5.30   8 Hours
16 May   Tuesday  11:30 to 19:30 IST/GMT+5.30   8 Hours

Candidates will get FULL 30 Days Lab Access after training which comes with technical support.

Most enterprises have improperly placed and misconfigured security controls in their infrastructure. It is well known that attackers have evaded, circumvented and even abused these controls in order to gain access to critical assets.

Apex threat actors with advanced capabilities, such as leveraging in-memory implants, writing custom code to evade AVs and EDRs, moving laterally with custom-made tools, and covertly evading host- and network-level security solutions, are constantly consolidating their attack techniques (and tactics) against defensive teams. To strengthen enterprise-grade security, this training is designed for penetration testers, system administrators and Blue Team members to understand the different tactics, techniques and attacks used by adversaries.

Students will gain a solid understanding of enterprise-grade security controls and how they can be stealthily evaded at the host level, the network level and within an Active Directory network. The class covers threat actor TTPs, writing custom scripts in C# and abusing the Windows API to evade host and network controls, and abusing restrictions in Active Directory environments on Windows and Linux platforms, all with the aim of refining detection in an enterprise.

Agenda

Module 1 (Red Team Resource Development)
  • Red Team Infrastructure Setup

– Mythic C2
– Domain Setup
– Redirector Setup
    – Cloud Premise
    – On-Premises
– Payload Server
– Operational Security (OPSEC)

  • Initial Access Defenses
  • APT29 Initial Access Exercise
  • CSharp Beginner [4 Hands-on Labs]

Module 2 (Tradecraft Development for Offensive Operations)
  • Offensive C# Tradecraft [3 Hands-on Labs]
  • Windows API Essentials
  • Utilizing Windows API for Red Team Profit [4 Hands-on Labs]

Module 3 (Utilizing Tradecraft for Red Teaming in Hardened Environment)
  • Defense Evasion

– AMSI, CLM, ASR Rules, UAC Bypass, AppLocker, Credential Guard

  • Credential Access in Windows & Linux
  • Abusing Windows Features (PowerShell, LOLBAS, WSL)
  • AD Network:

– Constrained Delegation & Resource based constrained delegation
– Cross Forest Abuse Scenarios [5 Different Techniques]

Module 4
  • ETW & EDRs
  • General Evasion Areas [4 Exercises]
  • Instructions to access the Enterprise Simulated Lab with updated & patched security controls [for practice]
  • Scope of Engagement [SOE]
  • Technical Support

HealthCare Simulation Lab Architecture:

The cyber range lab deploys a variety of host-level, network-level and AD-level security controls. Enterprise-grade EDRs with cloud-level protection are enabled, and the training demonstrates ways of bypassing these security controls in real time.

Why You Should Take This Course

With the increase in ransomware attacks, Fortune-listed and business-critical companies have overlooked the placement and configuration of their security controls. This training helps enhance visibility of enterprise security controls.
This training focuses on the tactics, techniques, procedures and tools of threat groups: how stealthily they operate, and how they circumvent the security mechanisms employed in a patched and monitored environment.

Who Should Attend

  • Penetration Testers / Red Teams
  • System Administrators
  • Malware Developers
  • SOC analysts
  • Threat Hunting Team
  • Last but not least, anyone who is interested in strengthening their offensive and detection capabilities

Key Learning Objectives

  • Candidates will gain enhanced threat visibility capabilities at both the host and network level in Windows and Linux environments.
  • Candidates will learn how NOT to configure enterprise security controls.

Prerequisite Knowledge

  • Comfortable with a command line environment
  • Fair knowledge of penetration testing methodology
  • At least 35 years of experience in penetration testing would be ideal for students to get the most out of this training

Hardware / Software Requirements

  • Mac / Windows / Linux with an RDP client installed
  • A cloud machine will be provided during the training session

What Students Will Be Provided With

Virtual machine infrastructure provided by the trainers, all course material including commands, slides and the enterprise lab walkthrough, and 30 days of full lab access with technical support during and after the training class.
A seamless critical infrastructure simulation of a healthcare facility will be provided to students as a cyber range lab.

Your Instructor

Yash Bharadwaj, Co-Founder & Technical Architect at CyberWarFare Labs, has over 4.5 years of experience as a technologist. He is highly attentive to finding, learning and discovering new TTPs used during offensive engagements.

His areas of interest include building Red / Blue team infrastructure, evading AVs & EDRs, pwning Active Directory infrastructure, stealth in enterprise networks and multi-cloud attacks. Previously he has delivered hands-on red / blue / purple team trainings, talks and workshops at Nullcon, x33fcon, NorthSec, BSides chapters, OWASP, CISO Platform and YASCON. You can reach out to him on Twitter @flopyash.

Manish Gupta is Director of CyberWarFare Labs with 6.5+ years of expertise in offensive information security, where he specializes in red teaming activities in enterprise environments. His research interests include real-world cyber attack simulation and Advanced Persistent Threats (APT). Previously he has presented his research at reputed conferences such as Black Hat USA, DEFCON, Nullcon, BSides chapters, x33fcon and NorthSec, and has delivered corporate trainings.