SANS SEC564: Red Team Exercises and Adversary Emulation


In SEC564, you will learn how to plan and execute an end-to-end adversary emulation, including how to plan and build a red team program, leverage threat intelligence to map against adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of red team exercises, and ultimately improve the overall security posture of the organization.

You will do all of this in a course-long exercise, in which we perform an adversary emulation against a target organization modeled on an enterprise environment. This environment includes Active Directory, email, web, and file servers, as well as endpoints running the latest operating systems. We will start by consuming cyber threat intelligence to identify and document an adversary that has the intent, opportunity, and capability to attack the target organization. You will discover the TTPs used by the adversary while creating an adversary emulation plan leveraging MITRE ATT&CK (Adversary Tactics, Techniques, and Common Knowledge).

We’ll cover the planning phase of these exercises, showcasing various industry frameworks and methodologies for red teaming and adversary emulation. These frameworks are industry standards used by various regulatory bodies to ensure consistent and repeatable red team exercises.

Using strong planning and threat intelligence, students will follow the same unified kill chain as the adversaries to reach the same objective, from setting up attack infrastructure with command and control to emulating multiple TTPs mapped to MITRE ATT&CK.

The course concludes with exercise closure activities such as analyzing the response of the blue team (people and process), reporting, and remediation planning and retesting. Finally, you will learn how to show the value that red team exercises and adversary emulations bring to an organization. The main job of a red team is to make a blue team better. Offense informs defense and defense informs offense.

HOMEPAGE – https://www.sans.org/cyber-security-courses/red-team-exercises-adversary-emulation

 

Original Price: $2,800
Our Price: $20

Description

Size: 13.0 GB

Prerequisites

The concepts and exercises in this course are built on the fundamentals of offensive security. An understanding of general penetration testing concepts and tools is encouraged, and a background in security fundamentals will provide a solid foundation upon which to build Red Team concepts.

Many of the Red Team concepts taught in this course are suitable for anyone in the security community. Both technical staff and management personnel will be able to gain a deeper understanding of Red Team exercises and adversary emulations.

Who Should Attend SEC564?

  • Security professionals interested in expanding their knowledge of Red Team exercises in order to understand how they are different from other types of security testing
  • Penetration testers and Red Team members looking to better understand their craft
  • Blue Team members, defenders, and forensic specialists looking to better understand how Red Team exercises can improve their ability to defend by better understanding offensive methodologies, tools, tactics, techniques, and procedures
  • Auditors who need to build deeper technical skills and/or meet regulatory requirements
  • Information security managers who need to incorporate or participate in high-value Red Team exercises