Modern Windows Attacks and Defense

Jared Haight (@jaredhaight) & Sean Metcalf (@PyroTek3)

Course Description:

In this two-day course, students will learn how to leverage built-in Windows features and technologies to secure their environment from common (and uncommon) attacks. We’ll cover topics such as hindering lateral account movement, how to manage your environment without leaving your credentials all over the place, and how to detect and respond to malicious activity on your network. The hands-on course starts out with protecting against very simple attacks and ramps up to more advanced attacks and solutions. At each stage students will practice the attacks that are used in the wild and then implement security controls to stop them, giving them an in-depth understanding of how to leverage and protect against a variety of attacks.


Students will be required to bring their own laptops for the class. Laptops should have an updated installation of Microsoft’s Remote Desktop Client software. macOS users should install the client from the App Store; Linux users should install Remmina or another RDP client that supports NLA.


Jared Haight is a member of X-Force Red where he helps to improve security by simulating advanced attackers. He is passionate about finding and learning new attack techniques and helping to mitigate them.

Sean Metcalf is founder and principal consultant at Trimarc, a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and posts interesting Active Directory security information on his blog,



Practical Burp Suite Pro: Advanced Tactics (PBAT)

Tim (@lanmaster53) Tomes

Course Description:

Do you feel pretty good about your Web Application Security testing methodology, but think you might be able to get more out of your tools? Years of experience providing instruction on the process of conducting Web Application Security assessments has made it clear: even the most experienced testers lack a complete understanding of everything that is available in the industry’s #1 Web Application Security testing tool, PortSwigger’s Burp Suite Pro. It’s time to fix that with PBAT. PBAT provides comprehensive training on the capabilities of Burp Suite Pro and the practical application of these capabilities in real-world web application penetration testing engagements. The instructor will introduce the various components of Burp Suite Pro, discussing their purpose and limitations, and lead students in realistic scenario-driven hands-on exercises leveraging the components against a modern web application. As the scenarios unfold, the instructor will share tips and tricks for using Burp Suite Pro gained from years of personal usage experience and extensive research into the tool’s capabilities and ongoing expansion.

As a PortSwigger Preferred Burp Suite Pro Trainer, Tim is a trusted source for comprehensive training on Burp Suite Pro v2.0. Since v2.0 was announced in August 2018, Tim has been the leader in researching and demystifying the differences between the stable and beta versions of Burp Suite Pro, and assisting Web Application Security professionals in the transition.

PBAT is 100% focused on Burp Suite Pro v2.0 and does not address the methodology and process of web application penetration testing or specific vulnerabilities. However, the class is taught within the context of a web application penetration test in order to provide realistic scenarios for the tool’s usage. While not an official continuation of Practical Web Application Penetration Testing (PWAPT), PBAT is a great follow-up for students who have previously attended PWAPT.

More info and testimonials can be found at

Students will receive a ~3 week trial license for Burp Suite Pro to use during and after the course.

* Laptop with the latest VMware Player, VMware Workstation, or VMware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality. However, VMware Player should be prepared as a backup.
* Ability to disable all security software on their laptop such as Antivirus and/or firewalls (Administrator).
* At least twenty (20) GB of hard drive space.
* At least four (4) GB of RAM.


Tim is an independent Web Application Security Engineer and the Founder of PractiSec (Practical Security Services). With extensive experience in Web Application Security and Software Development, Tim currently manages multiple open source software projects such as the Recon-ng Framework, the HoneyBadger Geolocation Framework, and PwnedHub, writes technical articles at, and frequently instructs and presents on Web Application Security topics at major Information Security conferences such as DerbyCon, ShmooCon, Black Hat and SANS.



Advanced Attack Infrastructure

Jason Lang, Hans Lakhan

Still sending shells directly to your private C2 server? This course will teach you how to proxy your traffic through the cloud (AWS), ensuring your C2 endpoints are protected at all times. We will cover dealing with incoming sandbox connections, domain categorization, and complete infrastructure buildout start to phish. 🙂

Students will come away with full knowledge of how to build out a red team infrastructure capable of handling the demands of modern red teaming, including supporting multiple team members and clients simultaneously while ensuring your C2 servers are protected from prying defenders. Adding Red Elk this year for maximum effort!


Students will need a laptop capable of running Windows 7/10 (at least 40GB free space) in a VM via Fusion/Workstation. Materials and VMs will be provided upon arrival. Additionally, students will be required to register for a free AWS account *prior* to coming to class.
It would be extremely helpful if students were familiar with the process of standing up and logging in to free-tier Ubuntu servers.

Note about AWS: free-tier instances are used exclusively during the class but they have limits (currently 750 free running hours a month for new accounts). Students will be instructed on how to stand up and stop free tier instances to ensure they stay free, but trainers/DerbyCon are not liable for additional costs if students keep their instances running beyond the duration of the class.

Jason Lang (@curi0usJack) is a caffeine-imbued coding hermit, briefly emerging from the Wisconsin woods to congregate with other infosec & PowerShell lovers. Proficient in { }’s and trollery, Jason spends his days on the prowl for customer data and evenings in off-the-grid pursuits. #Nano4lyfe

Hans Lakhan (@jarsnah12) is the master operator of multiple AI systems that leverage software defined synergies to cloud hyper converge bios. Thru many years of experience Hans has created a neural network with machine learning that can output biographies. Hans likes to code in Ruby, this AI prefers the one true language of assembly. Hans once neglected his machine slaves for a 48hr DnD marathon. Hans doesn’t love me… 000001010100001001 Aismov override.



Python For OS Hacking

Spencer McIntyre

This course will cover using Python to interact with native system functionality on Windows and Linux. The focus of the class will be building on the basic theory behind the common APIs that are relevant for many security-related tasks including memory manipulation, shellcode injection, and process hooking.
Throughout the course, students will learn how to create low-level wrappers of Python code to leverage existing functionality and combine these pieces to create basic tool sets.


* A system capable of running either VMWare or Virtual Box images
* At least 80 GiB of free disk space
* At least 16 GiB of RAM

Spencer McIntyre works for a US-based consulting firm doing R&D. He is an avid open source contributor and Python enthusiast.



Introduction to Malware Analysis

Tyler Hudak

Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze ransomware, trojan horses and other computer viruses. This two-day course teaches attendees the proven concepts, techniques and processes for analyzing malware. Students will take multiple “from-the-wild” malware samples in a hands-on environment and learn how to analyze their characteristics and behavior to determine what they do and what risk they present. The course culminates in an analysis that utilizes all of the tools and techniques that have been learned.

No previous malware analysis experience is necessary as this course is designed for those who have never performed malware analysis before.

Technical Skills: No previous experience in malware analysis is necessary as this course is designed for those who have never performed it before. High-level understanding of malware is recommended, and students must be experienced with a virtual machine (e.g. taking snapshots, etc.)

Class Materials Needed: Students will be required to bring their own laptops for the class. Laptops will need a VMWare Workstation or VirtualBox installation with an install of Windows (7 or higher) as the guest OS prior to the class. All other tools will be provided.

Currently the Practice Lead of Incident Response for TrustedSec, Tyler has over 20 years of real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple organizations. He has spoken and taught at a number of security conferences about topics ranging from incident response to penetration testing techniques.



Practical OSINT for Everyday Social Engineers
Ryan MacDougall Sr. Social Engineer Pentester (@joemontmania)
Colin Hadnagy Human Risk Analyst (@UnmaskedSE)


Information is the lifeblood of the social engineer. But there is now so much information available that it can be overwhelming. How can we dial in and narrow your focus in ways that will enhance your social engineering abilities? This course will show you the techniques, tricks, and tips used by the professional social engineering penetration testers of Social-Engineer, LLC. This two-day course is not a laundry list of tools. We will share the methodology, processes, and our own experiences that allow us to successfully apply information to plan and launch realistic SE scenarios for our clientele. Having the information is only half of what you need.

This class includes a live practical challenge in which you will get a chance to put your skills to use, live and in person.

Laptop with wireless network card, Win/Linux/MacOS remote desktop client (for use with Microsoft RDP), Willingness to learn new things, Willingness to work as part of a team.

Ryan MacDougall’s areas of expertise include network penetration testing, application security, protocol analysis and social engineering. Ryan began his career in operations, building and securing large networks for financial and telecommunications industries, including a global network across 6 countries consisting of 3 data centers and 8 regional offices. In his 10 years running operations in a company that grew through M&A activities, acquiring, integrating, and standardizing operations, he developed a deep understanding and insight into fundamental flaws present in a wide variety of enterprise environments. Ryan has his OSCP, GWAPT, SEPP and MLSE certifications. He now is a senior social engineer pentester for Social-Engineer LLC and helps run operations on penetration tests and exercises against their clients, as well as train students in OSINT methodologies and techniques.



A Guide to Active Defense, Cyber Deception and Hacking Back

John Strand

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.

In this class, you will learn how to force an attacker to take more moves to attack your network. These moves may increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy’s system. And most importantly, you will find out how to do the above legally.

The current threat landscape is shifting. Traditional defenses are failing us. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. Some of the things we talk about you may implement immediately, others may take you a while to implement. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, attribute who is attacking you and, finally, attack the attackers.

This class is based on the DARPA funded Active Defense Harbinger Distribution live Linux environment. This VM is built from the ground up for defenders to quickly implement Active Defenses in their environments. This class is also very heavy with hands-on labs. We will not just talk about Active Defenses. We will be doing hands-on labs and working through them in a way that can be quickly and easily implemented in your environment.

x64-compatible 2.0 GHz CPU minimum or higher
USB port
8 GB RAM or higher required. 16 recommended.
Ethernet adapter (a wired connection is required in class; if your laptop supports only wireless, please make sure to bring an Ethernet adapter with you)
External USB Wireless adapter
40 GB available hard drive space
Windows 10


John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much Senior SANS Instructor.



Windows Post-Exploitation Subverting the Core

Ruben Boonen (@FuzzySec)

This training will focus on all major aspects of the Windows post-exploitation process: breaking restricted environments, subverting operating system controls, privilege escalation (logic/configuration/permission/software bugs), bypassing User Account Control (UAC) and persistence. The training will be beneficial to attackers and defenders alike. Participants will gain an in-depth understanding of common pitfalls when configuring the Windows estate. They will see what tools the attacker has at his disposal, how to live off the land and where to achieve long-term residence when access has been acquired. All sections of the training are accompanied by intense hands-on labs where students will put the theory into practice. The training will simulate real-world environments, allowing attendees to later directly apply the content in the field! A detailed understanding of Windows is not required to attend the training; however, a basic familiarity with the Windows command line (cmd/PowerShell), the Sysinternals Suite and certain concepts such as scheduled tasks, services and UAC will be greatly beneficial.

– A laptop with either VMWare or VirtualBox installed.
– Enough system resources to run x2 virtual machines simultaneously.
– 30GB free hard disk space.


Ruben Boonen (@FuzzySec) is part of FireEye’s Technical Operations & Reverse Engineering (TORE) team where he researches, identifies and analyses attacker trade-craft. Before joining FireEye he was a senior security consultant who performed hundreds of assessments for private and public sector entities. He holds a number of industry recognized security certifications such as the OSCE, OSEE and CREST CCT INF. While he has led a wide variety of engagements he has developed a specialty for red teaming and Windows post-exploitation. His areas of research include client-side attacks, privilege escalation, Windows internals, Windows kernel exploitation, restricted environment breakouts, persistence and PowerShell. In his free time Ruben loves to give back to the InfoSec community. He has been an assistant trainer at Black Hat USA, delivered training at Hack In Paris and has delivered workshops at DefCon, 44Con and various BSides events. He maintains an InfoSec blog and GitHub account where he publishes research on a variety of topics.



Advanced Memory Corruption for Exploitation

Dr. Jared DeMott, @jareddemott
John Stigerwalt, @jstigerwalt1
Matt White, @vdalabs

As we learned in our first class (Application Security: for Hackers and Developers), there are almost always bugs in code. We found them by static/auditing, dynamic/fuzzing, reversing code, and more. Then we crafted exploits. To counter this reality, vendors have developed a variety of protections.
In this class we continue the battle. We describe a number of modern-day protections: things like EMET, Isolated Heap, and CFG. We then perform hands-on lab work to show how bypasses can be constructed. This build-and-break teaching style provides the tools for vulnerability researchers, security engineers, and developers to perform cutting-edge work. The second half of the class is all about the kernel. You will learn how to debug, audit, fuzz, and exploit kernel code. The class is fast-paced, but low stress and fun. Prepare to learn!

Student Requirements:
There are no hard prerequisites. It is helpful to have taken our prior AppSec course, but you will still get a lot out of the course even if you lack that, so no fears. All questions are good questions in VDA classes. We have a fun but instructive and intense learning experience. You won’t walk away disappointed.

What Students Should Bring:
Students are required to provide a laptop for the course. You need admin rights on the laptop. Your laptop should have a USB port, at least 100GB of free HD space, 8GB of RAM, and VMware Fusion for the Mac or Workstation/Player for Windows/Linux. VMware should be installed ahead of time, or you’ll spend a bit of class time doing that.

What Students Will Be Provided With:
You will be given 3 VMs. Copy the data to your disk drive, and pass the portable Media to your neighbor.  You will need a normal USB port (bring an adapter if you have the newer/smaller USB-C) and an OS that can read an ExFat file system thumb drive. (Most Mac and Windows have that, but with Linux, check for the driver.) You may not share course media with non-students.


Dr. Jared DeMott has been training at conferences like Black Hat and DerbyCon for over 12 years.  He’s the founder of VDA Labs, and previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on vulnerabilities at conferences like RSA, ToorCon, GrrCon, HITB, etc. He was a finalist in Microsoft’s BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the United States Military Academy. Jared is also a Pluralsight author, and is often quoted online and has made TV appearances.

John Stigerwalt is a cyber security engineer who is experienced in penetration testing, application auditing, social engineering, exploit development, and reverse engineering. He has spent many years protecting financial organizations from evolving threats, and is very passionate about improving organizations’ security. John is always striving to better himself by enhancing his security knowledge. He believes in contributing to the security community with new security findings and helping others learn as well. John holds the OSCE, OSCP, and SLAE certifications.

Matt White is a long time builder of organizations.  He’s been helping VDA Labs grow and scale, and digging into all portions of GRC, Testing, Training, IR/SOC, AppSec, BlueTeam Engineering, and more.



Advanced Offensive Web Application Security

Scott White – Practice Lead, Software Security Team
Geoff Walton – Senior Security Consultant, Software Security Team

This course is designed to teach those with an understanding of basic web application security how to take their offensive testing to the next level.  Many advanced web application hacks chain multiple vulnerabilities together to obtain a desired final outcome. This training takes real-world hacks and allows students to gain hands-on experience using those techniques manually.

Laptop with wireless capabilities and root/local admin rights, Java, BurpSuite (free version is fine if you don’t have a license for pro) latest version (1.7 or 2.0 beta – your preference), Firefox ESR or Sea Monkey, optional virtualization software capable of importing an .OVA file or VMWare VM.


Scott White is the Practice Lead for the Software Security team for Cleveland-based TrustedSec.  He has presented to organizations such as OWASP, ISSA, ISACA, FBI’s Infragard, and others. He has also spoken at Defcon, and has been called upon by organizations such as the FBI and Secret Service as a subject matter expert.  He is the technical editor for the popular book, “Metasploit: The Penetration Tester’s Guide” and also for the book “The Basics of Web Hacking”. He holds a bachelor’s degree in Computer Science and a master’s degree in Network Security.  He has held various past positions in support, system administration, web development, penetration testing, and application security for both public and private sectors with clients in both government and commercial spaces. His experience includes performing web application security assessments, internal, external, and physical penetration tests, source code reviews, social engineering, and web application security training.  With many years of professional programming experience coupled with 10+ years of offensive security testing, he has a thorough web application security understanding from both developer and attacker perspectives. He is the DerbyCon CTF lead organizer and also enjoys participating in bug bounty programs. He was awarded for several vulnerabilities identified in the US Department of Defense’s “Hack the Pentagon” program.

Geoff Walton is a Senior Security Consultant for Cleveland-based TrustedSec. He joined TrustedSec’s founder, David Kennedy, after years of working in information security. Geoff’s expertise in pen testing, network security, and software analysis comes from over ten years of experience in a variety of information technology roles including software development, network operations, and information security specific functions; Geoff brings a broad vision to assessments and penetration test engagements. Geoff has been part of diverse IT teams at organizations both large and small. He has experience across several industries including retail, professional services, and manufacturing. Geoff has experience in performing static code analysis of mainframe code including Cobol. Geoff holds a degree in Information Science from Baldwin Wallace College. Professionally Geoff has had an active role in developing information Security practices and has been responsible for network operations and security architecture throughout his career.  He is a DerbyCon CTF organizer and creates many of the challenges for participants to enjoy each year.



Adversarial Threat Hunting (Red vs Blue)

Ben Ten & Larry Spohn

This course is completely hands-on, focusing on the latest attack techniques and building a defense strategy around them. This workshop will cover purple team efforts and provide methods for understanding how to best detect threats in an enterprise. It will give penetration testers the ability to learn the newest techniques, as well as teach blue teamers how to defend against them. This course applies real-world offense and defense capabilities to truly paint the full picture of understanding how attacks happen today and how to best prevent them. It contains all of the latest pentester methods as well as unreleased methods for detecting attacks. Students can have a penetration testing background or be someone who focuses on defense.

They will need a laptop with VMware Player or VMware Workstation and 20 GB of free space for the student VM.


Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.

Larry Spohn is a senior security consultant at TrustedSec, an information security consulting company based out of Cleveland, Ohio. Larry’s main areas of expertise are focused on Information Security Risk Assessments, Penetration Testing, Application Security, and Red Teaming. Larry joins the team with extensive knowledge in the financial sector and has extensive knowledge in Python and PowerShell development and exploitation. Education & Certifications: OSCP, CISSP, MCSE



Mastering Mimikatz, Kekeo and more.

Carlos Perez

The Mimikatz set of tools and Kekeo are the go-to toolset for security professionals when performing attack simulations against the Windows Authentication Infrastructure, both local to the system and against Active Directory. This training class will focus on showing the ins and outs of the tools, how they work and how to use them in an operational environment. Some of the areas that will be covered are:
     – Abusing Authentication Providers
     – Credential and secret extraction with DPAPI/DPAPI-NG
     – Kerberos Security and abuse.
     – Active Directory Persistence
     – Eventlog abuse.
     – Use of Mimikatz tools for Research.
More areas will also be covered, from services and processes to using the WinDBG extension of Mimikatz. Kekeo will be covered in depth, along with how the technologies it leverages work.

Laptop capable of running 2 Windows VMs, one Windows Server 2016 and the other Windows 10 Enterprise, and enough drive space to store them. Images for the VMs will be provided.


Carlos Perez is known in the community for his work in post-exploitation and security in general, for his contributions to Metasploit, his page Shell is only the Beginning, PTES and many other endeavors. He currently works as the Team Lead for the research team at TrustedSec, where his main focus is leading a team of super bright developers in the development of new tools for the Red/Blue teams and doing research to aid in threat emulation. He is also well known as one of the co-hosts of Security Weekly Podcast, a member of BSidesPR and a board member of several non-profits that aid in the development of students in science and technology.



PowerShell for Blue/Red Teams

Jose Quinones, Jose Arroyo

This course will cover basic to advanced use of Windows PowerShell for the security professional who works on either a Blue or a Red Team.

Laptop with a Win10 Ent VM with Office trial (they can download the 90day demos from MS) and Sysinternals Sysmon installed.


José L. Quiñones has 20+ years of experience in the IT field and holds a Bachelor of Science in Electronic Engineering Technology from the University of Puerto Rico with a specialty in communications and digital processors. He additionally holds various professional certifications in the systems administration area, such as MCP, MCSA, and RHCSA, and in the IT security field, such as CEH, CEI, C)PEH, C)M2I, GCIH and GPEN.

For the last 12 years Jose has worked in the Health and Education industries as IT Director for a Medical School, but also works as an independent consultant in IT infrastructure, cloud and cybersecurity architecture. Jose has designed courses and workshops in Networking, Windows, Linux, Virtualization, Ethical Hacking and Incident Handling, and teaches professional certification courses for private educational centers. He is also the Technical Advisor for Engine 4 Corp.’s IoT Lab and Bayamon Smart City Program.

He is President/Co-Founder of Obsidis Consortia, Inc., a not-for-profit organization whose mission is to promote professional development of information security for IT professionals, students and enthusiasts, and security & privacy awareness to the general public. Jose runs a local security user group, “Defcon Group 787”, is the head organizer of “Security B Sides Puerto Rico”, designs Network Security Training Scenarios and Simulations (Capture the flag events) and Hackathons, is the host of a cybersecurity podcast in Spanish called “La Resistencia .IO” and runs a personal blog about systems administration and information security. Finally, he has presented at conferences such as ISSA, ISACA, Security B Sides Puerto Rico, and DerbyCon.

Jose Arroyo serves as an Airway Transportation System Specialist for the Federal Aviation Administration (FAA). As a communications and radar automation technician his duties include making sure all Radar and Communication systems that support the National Airspace System are fully operational for Air Traffic Control. He also serves the armed forces with the rank of 1st Lieutenant for the Puerto Rico Air National Guard as a Cyber Operations Officer. As a communications officer he supervises all computer systems architectures and protocols, including network infrastructure and telecommunications controls, implementing proper utilization, planning and operational management.

Arroyo is an accomplished IT specialist with nearly 15 years of experience in designing, implementing and security hardening information systems for both military and the private sector.

He served as an IT trainer and consultant for several corporations, including: Talk To an IT Corp. and Beta Communications, located in Bayamon, Puerto Rico, GLC–Corp and ExecuTrain, located in San Juan, Puerto Rico.

Arroyo is the Vice President and Co-Founder of Obsidis Consortia, a non-profit organization dedicated to helping the community understand technology and information assurance. As part of this movement Obsidis Consortia has been collaborating with Puerto Rico’s Department of Justice on training law enforcement officials and prosecutors on cybercrime. He is the co-author of The Cyber Crime Investigative Methodologies handbook, written specifically for Puerto Rico’s code of justice.

Arroyo graduated from the University of Puerto Rico in Bayamon in 2003 with a bachelor of science in engineering technology. He earned his Microsoft Certified Systems Administrator, Microsoft Certified Trainer and EC-Council Certified Ethical Hacker from Global Learning and Consulting located in San Juan, Puerto Rico in 2005. In 2012 he completed a master’s degree in information assurance from Walsh College, an NSA Academic of Excellence Certified University, and is currently a PhD candidate at Capella University where he writes his dissertation on Social Network Analysis from a Forensics Perspective.



Dark Side Ops: Malware Dev

Silent Break Security

Threat Intel reports are constantly being released which document the novel techniques and custom tooling that support real world operations. However, despite access to this information, the industry still lacks many of the fundamentals required to emulate nation state threats, opting instead for “off the shelf” tooling and click-once solutions. These tools abstract the true work required to compromise, engage, and exfiltrate a target network, leaving an operator scrambling when the going gets tough.

“Dark Side Ops: Malware Dev” focuses on the goals, challenges, architecture, and operations of advanced persistent threat (APT) tooling. Participants will dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration. In addition, participants are given hands-on experience with black hat techniques currently used by hackers to bypass NIDS and HIPS systems, layer 7 web proxies, “next-gen” antivirus, and DLP solutions.

At the end of this course students will be able to:

– Build and modify custom payload droppers, beaconing backdoors, and interactive shells.
– Implement stealthy command and control methods.
– Design and automate the creation of sophisticated client-side attacks.
– Pivot laterally between workstations for large-scale network compromise.
– Bypass defensive host and network countermeasures such as anti-virus, firewalls, IDS/IPS, SIEMs, and strict egress filtering.
– Establish custom, stealthy persistence in a target network.
– Compile and deploy an advanced custom toolkit for exploration, understanding, and real “Red Side” operations.

Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and client-side exploitation techniques. To reinforce the knowledge provided through instruction, the modification and creation of the code is the focal point of every lab, allowing participants to take materials home for continued use.

** This is a completely rebuilt version of our previous “Custom Penetration Testing” course **

Personal or work laptop with:
– Administrator access to allow for modifying network configuration, sniffing traffic, etc.
– Reliable wireless connectivity
– VMWare Workstation, Fusion, or Player
– The ability to run two virtual machines simultaneously (8GB+ of RAM)
– 80GB of free disk space for the VM files


The Silent Break Security team has been providing offensive security training for over 10 years. As a company, our core philosophy is centered on a deep, technical understanding of real-world attacks backed by the highest standards of quality in all that we do. From the trainers to the training content to the security services, Silent Break Security represents the best.