Adversary Simulation Training

Do you want to be the best resource when the red team is out of options? Can you understand, research, build, and integrate advanced new techniques into existing toolkits? Challenge yourself to move beyond blog posts, how-tos, and simple payloads. Let’s start simulating real world threats with real world methodology.
About The Course:

The front lines of real-world attacks move faster than defenses can keep up. Public exploits, proof of concepts, defensive bypasses, attack methodologies, and “tricks of the trade” are readily available. To match, sophisticated adversaries are constantly building custom code, integrating public research, and researching zero-day techniques for their operations. Do you want to be the best resource when the red team is out of options? Can you understand, research, build, and integrate advanced new techniques into existing toolkits? Challenge yourself to move beyond blog posts, how-to’s, and simple payloads.

This course is an extension of Dark Side Ops 1: Malware Dev and furthers participants’ abilities to think, operate, and develop tools just like sophisticated, real-world attackers. This includes the research of defensive bypasses, implementation of public research, and modification of toolkits to accomplish operational goals. If you want to 1) build confidence in your offensive approach and capabilities, 2) learn about and implement the techniques of stealthy malware and backdoors, and 3) achieve the operational results of a sophisticated adversary, then Dark Side Ops 2: Adversary Simulation is for you.

Learn How To:
  • Integrate

    and injest the latest offensive techniques into custom toolkits

  • Research

    and discover unpublished execution techniques

  • Build

    a rootkit and explore network traffic triggers for code execution

  • Implement

    flexible staging and code injection techniques

  • Reverse Engineer

    .NET applications to identify zero-day vulnerabilities

  • Understand

    and bypass “next-generation” endpoint protections

  • Develop

    and perform stealthy user-land persistence techniques

  • Design

    versatile malware, backdoors, and loaders to diversify your toolset and capabilities

Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and client-side exploitation techniques. To reinforce the knowledge provided through instruction, the modification and creation of the code is the focal point of every lab, allowing participants to take materials home for continued use.


Dark Side Ops 2: Adversary Simulation is ideal for offensive security enthusiasts who are ready to take their skills beyond the next public technique, tool, script, or fill-in-the-blank pentesting dependence. If you’re an operator or hobbyist interested in building and modifying custom offensive tools to bypass the latest offensive countermeasures, this course is for you. If you are a SOC analyst, developer, or incident responder who is interested in a malware development deep dive for hands-on learning, this course is for you.

L33t programming skills are not necessary to enjoy this course, and the labs are designed to provide two packed days regardless of previous experience. The material will focus solely on Windows environments, however some of the tooling and all of the theory could be applied to other operating systems as well. We truly believe participants will not leave this course disappointed.

Participants Should Have At Least:
  • An intermediate level of systems administration experience using Windows or Linux
  • Familiarity with an APT kill chain (initial access, persistence, lateral movement, etc.)
  • Experience with programming (however small or long ago)
Participants Benefit From:
  • Participation in Dark Side Ops 1: Malware Dev
  • Knowledge of modern offensive research and concepts
  • Familiarity with Windows internal concepts (tokens, handles, services, etc.)
  • Experience developing netsec scripts or tools (C++, Python, Powershell, etc.)
  • Experience with penetration testing techniques or frameworks (Metasploit, Cobalt Strike, etc.)
Virtual Course Format:

All registrants have access to the Dark Side Ops training course material for 90 days through our learning management software: moodle. All attendees will receive access to the following materials:

  • Video Lectures: Engaging video presentations bring the classroom to you, whenever you’re ready to learn.
  • Lab manual, slides, and other resources
  • Tons of custom code

Discover why security operations teams choose NetSPI.