Adversary Tactics - Red Team Operations

Important
After reading the material, use the following resources to prepare for your specific delivery:
Mythic
Red Team Attack Infrastructure
You should be familiar with the concepts behind basic C2 and red team attack infrastructure design. Jeff Dimmock’s Red Team Infrastructure Wiki is a good collection of resources on this topic.
Windows and Active Directory
Most environments you’ll encounter as a red team operator leverage Microsoft’s Active Directory in one way or another. In preparation for AT:RTO, we recommend you review Active Directory basics and common attacks, such as the “identity snowball” (also known as the credential shuffle), Kerberoasting, and Golden/Silver Tickets.
- Sean Metcalf’s ADSecurity Blog
- Microsoft Kerberos Authentication Overview
- Active Directory Attack and Defense
- BloodHound
- DEFCON 24 - Six Degrees of Domain Admin - Using Bloodhound to Automate Active Directory Domain Privilege Escalation Analysis - Andy Robbins, Will Schroeder, Rohan Vazarkar
Evasion
Today’s red team operators will encounter challenges from organizations with a mature security program and good telemetry (EDR). Knowledge of “offense in depth”, that is, how to adapt your tools and behavior to the environment, is an increasingly important skill for red team operators. These resources are a good introduction to the topic of evasion.
- Wild West Hackin’ Fest 2018 - Red Teaming in the EDR Age - Will Burgess
- XPN’s Blog
- Offense in Depth
- Fighting the Toolset
For other offensive and defensive topics to study, check out the blog posts made by the SpecterOps team. Our blog can be found at https://posts.specterops.io. We cover quite a few topics in the class that we have blogged about at one point or another, so the posts should serve as a good foundation.