Training 2017 - Modern Red Team Immersion Bootcamp

From BruCON 2017

Modern Red Team Immersion Bootcamp

The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long-term persistent Red Teams have deployed against modern organizations. The first day includes a deep dive into recon techniques and approaches, where students will plan an attack against a target of their choosing. The second day focuses on post exploitation, lateral movement, and escalation techniques within modern environments composed of OSX, Linux, Continuous Integration Systems, and elastic compute services.

Course Description

In reality, penetration testing and red teaming are NOT synonyms. It's one thing to search for vulnerabilities, but it's entirely different when you operate in that fuzzy space between simulating an adversary and being the adversary. Welcome to the Modern Red Team Immersion Bootcamp, where the focus is on strategy and realistic execution rather than tools and vulnerability findings.

In this training, students will dive headfirst, immersing themselves, into a pool of deliberate self-doubt, mental masochism, and tactical triumph. Those crazy enough will find themselves knee deep in recon and attack planning against a target of their choosing and will engage in the subtle art of balancing the liberty of a true no-scope-yoloswag red team engagement with the need to achieve a specific desired impact; normally that means stealing the most important stuff without getting caught. Students can expect to be challenged to know their enemy, define impactful targets, craft a foolproof targeted spear phish, get up in that west coast post exploitation vector swag, exfiltrate that sweet big data booty, and more! Not to worry, nothing illegal will be permitted.

Fancy words aside, this class is designed to throw you into the exact process we use on our Red Team engagements. You will be performing recon and developing an attack strategy against an actual target of your choosing. In post exploitation labs expect to attack OSX, Linux, and elastic compute environments modeled around what we encounter most often in the real world.

Course Contents

  • The Art of Yoloscoping
    • Introspection
    • Red Team definition
    • Scope
    • Mindset
    • Lab Setup
  • Target Selection
    • What types of things can be a target?
    • Impact driven targeting
    • Students will pick their own targets
  • Recon
    • General Recon
    • Perimeter Recon
    • Social Recon
    • Cheats
  • Perimeter Breach
    • Perimeter Service Abuse
    • Public Credential Reuse Tricks
    • Targeted Social Engineering and Spear Phishing
    • Social / Physical
    • Malware Considerations
    • Students will craft a spear phishing attack script
  • Opsec
    • Avoiding operational security pitfalls
  • Escalation
    • Post Exploitation 101
    • Userland password stealing techniques
    • Application Secret stealing techniques
    • 2FA Bypass Techniques
    • AWS Post Exploitation
  • Lateral Movement
    • Lateral Movement Path Visualization
    • Credential Harvesting Techniques
    • Piggybacking users to bypass 2FA
    • Tunneling and Proxying
    • Continuous Dis-integration techniques
  • Persistence
    • Live fire persistence

Target audience

This class is effective for those looking to learn about new attack techniques that target a modern Bay Area, Silicon Valley-esque attack surface. Think big SaaS, think cloud, think startup, etc. No previous penetration testing knowledge is needed, but each student must be comfortable using a command line and troubleshooting issues for themselves. If you're comfortable using the ssh command to connect to systems and are ready to bring an evil and open mind, this class is for you. Penetration testing veterans who are accustomed to the attack surface of Microsoft Windows-based environments are sure to learn new tricks, as this class does NOT bother to reiterate already well documented methods.


Some familiarity with basic penetration testing concepts will be helpful, but is not absolutely required. Proficiency in using a command line and a search engine together to solve problems is highly recommended to enjoy the class. Access to both an OSX and a Linux laptop or virtual machine with an internet connection is required to access labs and complete course content. The recommended setup is an OSX laptop with a Kali or Ubuntu virtual machine. If you are unable to meet this requirement you can still take and enjoy the class, but please be advised that approximately 20% of the course's hands-on lab content will require OSX. It is advised to have VMware Fusion or VMware Workstation installed in advance.

Class is BYOB, instructor accepts bribes.

Trainer Biography


Josh Schwartz, @FuzzyNop, is a computer that knows how to computer. He leads the Offensive Security Program at Salesforce and doesn’t afraid of anything.

Twitter: @FuzzyNop

Mon. 2 - 3 October 2017 (09:00 - 17:00) (2-day) - NH Gent Belfort

