evil300

Opsec Monitor & Alerts

Bring Your Own Browser

Simulated Users

Learning Platform

Virtual Lab

Modern-day APTs (Advanced Persistent Threats) are relentlessly developing new Opsec and tools that allow them to successfully compromise hardened targets for a variety of motivations. To avoid detection by organizations with mature security programs, you need to ensure you are using the latest Opsec and techniques. Students must prove their ability to identify impactful misconfigurations and execute advanced, organized attacks in a controlled and focused manner. How strong is your APT arsenal?

This self-paced online advanced pentest training lab requires students to apply new advanced persistent threat Opsec and techniques against a hardened heterogeneous network. Students are immersed in an Active Directory corporate environment with up-to-date and patched operating systems, modern defenses, and active and passive host-based alerting on malicious activity. Simulated corporate users performing routine logins and mounting share drives generate real-world network activity essential to completing the lab.

What will you learn?

Features

Real time Opsec Monitoring and Alerting

Not only will you hone your skills, expand your knowledge, and improve tool set awareness, but there is another often overlooked aspect that is critical to success. Simply gaining Domain Admin in the Evil APT lab isn’t the only objective. Other labs only measure student success by collecting flags or by the number of VMs completed with admin or root privileges.

Can you complete Evil APT with the fewest detections or even zero alerts from the monitoring services? It may take multiple attempts with a variety of tools and techniques to perfect the ideal combination of speed and usability with the least alerting Opsec.

Archangel

We’ve combined Archangel, a custom-developed Windows host monitoring and real-time alerting agent, with the MITRE ATT&CK framework to bring all your digital footprints into a single location. By improving your Opsec (Operational Security), you’ll avoid detection by security teams, incident response, and antivirus services. Real-time alerting is there to remind you of Opsec concerns and provide tips and recommendations for alternative techniques.

SIEM Dashboard

As you complete the lab, hunt for yourself and other students to improve your Opsec. Use advanced analytics capabilities such as declarative SQL-style queries, graphing, structured streaming, and even machine learning over an ELK stack.

Simulated Corporate Network

Our lab simulates a real-world network environment, with active corporate users performing routine tasks. Identify and leverage their activities to complete the objectives of the lab.

Ready to get started?

Intended Audience

This lab is designed for attendees who have experience performing pentests and want to take their skill set to the next level. You will learn cutting-edge techniques using modern attacks and test yourself in an environment that is based on real-world networks. Enhance your Opsec awareness with alternative techniques and expand your tool set expertise.

Lab Prerequisite

Students should also be well versed in the fundamentals of penetration testing. Students should be comfortable with general penetration testing and red teaming concepts, and with operating in a Windows domain environment and on Linux hosts. After reviewing source code, students should be able to gain a general understanding of how a tool works.

Students should have equivalent knowledge or skills in the following areas:

What Students Should Bring

Students will need to bring a laptop with their favorite web browser. No need to install additional applications to gain access to the virtual lab.