The front lines of real-world attacks move faster than defenses can keep up. Public exploits, proof of concepts, defensive bypasses, attack methodologies, and “tricks of the trade” are readily available. To match, sophisticated adversaries are constantly building custom code, integrating public research, and researching zero-day techniques for their operations. Do you want to be the best resource when the red team is out of options? Can you understand, research, build, and integrate advanced new techniques into existing toolkits? Challenge yourself to move beyond blog posts, how-to’s, and simple payloads.
This course is an extension of Dark Side Ops 1: Malware Dev and furthers participants’ abilities to think, operate, and develop tools just like sophisticated, real-world attackers. This includes the research of defensive bypasses, implementation of public research, and modification of toolkits to accomplish operational goals. If you want to 1) build confidence in your offensive approach and capabilities, 2) learn about and implement the techniques of stealthy malware and backdoors, and 3) achieve the operational results of a sophisticated adversary, then Dark Side Ops 2: Adversary Simulation is for you.
Learn how to:
and injest the latest offensive techniques into custom toolkits
and discover unpublished execution techniques
a rootkit and explore network traffic triggers for code execution
flexible staging and code injection techniques
.NET applications to identify zero-day vulnerabilities
and bypass “next-generation” endpoint protections
and perform stealthy user-land persistence techniques
versatile malware, backdoors, and loaders to diversify your toolset and capabilities
Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and client-side exploitation techniques. To reinforce the knowledge provided through instruction, the modification and creation of the code is the focal point of every lab, allowing participants to take materials home for continued use.
Dark Side Ops 2: Adversary Simulation is ideal for offensive security enthusiasts who are ready to take their skills beyond the next public technique, tool, script, or fill-in-the-blank pentesting dependence. If you’re an operator or hobbyist interested in building and modifying custom offensive tools to bypass the latest offensive countermeasures, this course is for you. If you are a SOC analyst, developer, or incident responder who is interested in a malware development deep dive for hands-on learning, this course is for you.
L33t programming skills are not necessary to enjoy this course, and the labs are designed to provide two packed days regardless of previous experience. The material will focus solely on Windows environments, however some of the tooling and all of the theory could be applied to other operating systems as well. We truly believe participants will not leave this course disappointed.
- An intermediate level of systems administration experience using Windows or Linux
- Familiarity with an APT kill chain (initial access, persistence, lateral movement, etc)
- Experience with programming (however small or long ago)
- Participation in Dark Side Ops 1: Malware Dev
- Knowledge of modern offensive research and concepts
- Familiarity with Windows internal concepts (tokens, handles, services, etc)
- Experience developing netsec scripts or tools (C++, Python, Powershell, etc)
- Experience with penetration testing techniques or frameworks (Metasploit, Cobalt Strike, etc)