DARK SIDE OPS 2

Adversary Simulation

Do you want to be the best resource when the red team is out of options? Can you understand, research, build, and integrate advanced new techniques into existing toolkits? Challenge yourself to move beyond blog posts, how-to’s, and simple payloads. Let’s start simulating real world threats with real world methodology.

The Course


The front lines of real-world attacks move faster than defenses can keep up. Public exploits, proof of concepts, defensive bypasses, attack methodologies, and “tricks of the trade” are readily available. To match, sophisticated adversaries are constantly building custom code, integrating public research, and researching 0-day techniques for their operations. Do you want to be the best resource when the red team is out of options? Can you understand, research, build, and integrate advanced new techniques into existing toolkits? Challenge yourself to move beyond blog posts, how-to’s, and simple payloads.

This course extends the Silent Break Security training series, “Custom Pen Testing” and “Malware Dev”, by furthering participants’ abilities to think, operate, and develop tools just like sophisticated, real-world attackers. This includes the research of defensive bypasses, implementation of public research, and modification of toolkits to accomplish operational goals. If you want to 1) build confidence in your offensive approach and capabilities, 2) learn about and implement the techniques of stealthy malware and backdoors, and 3) achieve the operational results of a sophisticated adversary, then Dark Side Ops 2: Adversary Simulation is for you.

This course was updated Fall 2019.

Learn


  • Integrate and ingest the latest offensive techniques into custom toolkits
  • Research and discover unpublished execution techniques
  • Build a rootkit and explore network traffic triggers for code execution
  • Implement flexible staging and code injection techniques
  • Reverse engineer .NET applications to identify 0-day vulnerabilities
  • Understand and bypass “next-generation” endpoint protections
  • Develop and perform stealthy user-land persistence techniques
  • Design versatile malware, backdoors, and loaders to diversify your toolset and capabilities


Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and client-side exploitation techniques. To reinforce the knowledge provided through instruction, the modification and creation of the code is the focal point of every lab, allowing participants to take materials home for continued use.

Requirements


“Dark Side Ops 2: Adversary Simulation” is ideal for offensive security enthusiasts who are ready to take their skills beyond the next public technique, tool, script, or fill-in-the-blank pen-testing dependence. If you’re an operator or hobbyist interested in building and modifying custom offensive tools to bypass the latest countermeasures, this course is for you. If you are a SOC analyst, developer, or incident responder who is interested in a malware development deep dive for hands-on learning, this course is for you.

L33t programming skills are not necessary to enjoy this course, and the labs are designed to provide 2 packed days regardless of previous experience. The material will focus solely on Windows environments; however, some of the tooling and all of the theory could be applied to other operating systems as well. We truly believe participants will not leave this course disappointed.


Students should have at least:
  • An intermediate level of systems administration experience using Windows or Linux
  • Familiarity with an APT kill chain (initial access, persistence, lateral movement, etc.)
  • Experience with programming (however small or long ago)
Students benefit from:
  • A history of Dark Side Ops participation, including “Custom Penetration Testing” and “Malware Dev”
  • Knowledge of modern offensive research and concepts
  • Familiarity with Windows internals concepts (tokens, handles, services, etc.)
  • Experience developing netsec scripts or tools (C++, Python, PowerShell, etc.)
  • Experience with penetration testing techniques or frameworks (Metasploit, Cobalt Strike, etc.)