#REDX: Cobalt Strike (a deep dive) - adversary simulation from 0 to hero

The course is designed to provide experienced red teamers and pentesters with a comprehensive and detailed introduction to Cobalt Strike. 

The curriculum covers setting up infrastructure, creating a profile to customize the beacon, analyzing indicators of compromise and masking them from AV, as well as other techniques commonly used in offensive operations.

Why you should attend

Attending this course offers a unique opportunity to gain essential and practical skills in advanced Cobalt Strike usage and evasion techniques against modern security solutions. 

You will learn how to implement and customize sophisticated attacks, enhancing your ability to conduct effective penetration tests and tackle challenges in enterprise environments.

What you will learn

– Introduction & what is Cobalt Strike

– Architecture explained

  • Teamserver – beacon relationship
  • Redirectors – what are they & theory
  • Configuring a redirector over Apache2

– C2 profiles explained

  • HTTPS certificates for encrypted communication
  • HTTP endpoint tampering (for decoy teamserver)
  • HTTP cookie tampering (for decoy teamserver)
  • Memory IoC

– Droppers

  • C# basics
  • Writing our first dropper and executing the payload

– AV evasion

  • Antivirus explained (signature detection/heuristic detection + sandboxing explained)
  • ArtifactKit explained
  • ThreatCheck demo (+ Ghidra analysis)
  • Find-AVSignature demo (+ raw PowerShell change in shellcode)
  • Sandbox evasion – Guardrails explained (+ demo)
  • Heuristic evasion via process injection

– EDR evasion basics

  • EDR explained
  • Hooked endpoints enumeration (via HookDetector)
  • SleepMaskKit explained (+ demo)
  • ETW theory + memory patching via Cobalt Strike

Who is it for

  • Pentesters
  • Red team operators
  • Blue teamers
  • Technical individuals passionate about offensive security and custom tools development

Other information & prerequisites

Participants must bring their own laptop, and the following should be installed:

  • Git
  • Visual Studio – Community Edition with support for applications written in C# and C++
  • Obsidian
  • Python IDE

  • Language: ROMANIAN or ENGLISH
  • Duration: 8 hours
  • Minimum students: 8
  • Date: November 26th
  • Venue: To be announced
  • Price:
    • Before October 28th: 250 EURO + VAT
    • After October 28th: 290 EURO + VAT

#REDX: AV evasion techniques

The course “Advanced Techniques for Bypassing Antivirus and Sandboxes” is designed to provide participants with a detailed understanding of antivirus detection mechanisms, as well as bypass techniques and process injection.

Why you should attend

Attending this course offers a unique opportunity to fully understand the architecture of a Portable Executable and the Windows operating system. The theory will be enriched with advanced offensive techniques, ensuring that each participant learns the solid foundation of malware development on Windows systems.

What you will learn

– Introduction & motivation

– Antiviruses explained

  • Signature detection
  • Heuristic detection
  • Sandbox detection
  • Network detection

– Droppers

  • Theory
  • C# implementation (payload execution in current thread)
  • Scanning with ThreatCheck
  • Payload encoders
  • Payload encryption (Caesar Code, XOR, AES)

– Sandbox evasion

– Processes & threads

  • Theory
  • Local thread injection (+ C# implementation)
  • Remote process injection (+ C# implementation)
  • Process hollowing

– Hiding Macros in Office Documents

– AMSI bypass

  • Theory of AMSI
  • WinDBG
  • AMSI Debugging
  • AMSI Memory Patching (explained)
  • AMSI Hardware Breakpoints Bypass (explained)

Other information & prerequisites

Participants must bring their own laptop, and the following should be installed:

  • Git
  • Visual Studio – Community Edition with support for applications written in C# and C++
  • Obsidian
  • Python IDE

  • Duration: 8 hours
  • Minimum students: 8
  • Date: November 26th
  • Venue: To be announced
  • Price:
    • Before October 28th: 250 EURO + VAT
    • After October 28th: 290 EURO + VAT

FAQs

Q: What happens if there aren’t enough participants?
A: If we do not meet the minimum number of participants, you can either transfer to another workshop and pay or receive a refund for any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.

Q: Are food and accommodation included in the price?
A: The workshop price covers food. Accommodation is not included, but we can recommend nearby options for your convenience.

Q: Can I get a refund if I can’t attend after registering?
A: Yes, full refunds are available up to 20 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.

Q: How and when will I receive the details about the location and prerequisites?
A: You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.