Overview

The Advanced Red Team Operators course is an advanced-to-expert level simulated lab environment
hosted in Azure and AWS, designed for experienced students to gain practical experience in
advanced red team operations using Cobalt Strike. Over the course of three days, students will learn
how to build infrastructure to simulate a real-life red team operation using Cobalt Strike, a powerful
tool for executing red team operations. The course includes topics such as redirectors, C2 channels,
vulnerability identification, network enumeration, process injection, and privilege escalation. With
Terraform scripts provided to set up the lab environment and a simulated real-life attack path to
navigate, the Advanced Red Team Operators course is essential for experienced professionals
seeking to hone their advanced red team operations skills using Cobalt Strike.

Who Should Attend?

This course is intended for advanced students with a strong understanding of the fundamentals of
cybersecurity, experience with penetration testing, and experience in executing red team operations.
It is designed for individuals who want to take their red team skills to the next level and challenge
themselves with practical experience in advanced red team operations using Cobalt Strike. Current
red team operators will thrive here and have the opportunity to expand their skill set and learn new
techniques to stay ahead of the curve.

Key Learning Objectives
 Learn how to set up and configure Cobalt Strike with Docker
 Understand C2 channels and learn how to build HTTPS redirectors using Apache Mod-rewrite
 Gain practical experience in Azure configurations and setup
 Learn how to use AWS Lambda with Python
 Utilize GCP and Azure CDNs for custom traffic redirection
 Learn how to protect your infrastructure and team server
 Develop expertise in process injection and payload development
 Learn how to perform attack path enumeration and execution for red team operations.
Prerequisite Knowledge

Students should have experience in advanced cybersecurity fundamentals and a strong
understanding of penetration testing and execution of red team operations. However, this course is
designed to challenge you across areas that you may not be comfortable with, and that is the point. A
willingness to learn and not give up is essential. Students should also be familiar with Cobalt Strike
and have a working knowledge of AWS and Azure cloud platforms, GCP, Docker, Apache web server
configurations, HTTPS redirectors using Apache Mod-rewrite, shellcode development for bypassing
AV/EDR, and advanced network design for red team operations. Comfort with Terraform is also
expected for deploying necessary infrastructure.
Lab Environment
Students will be given multiple Terraform scripts to spin up their own lab environment in AWS/Azure
that consists of the following:
 Ubuntu Cobalt Strike Team Server
 Ubuntu Cobalt Strike Redirector Server
 Windows 10 Development Machine
 Kali Linux

 Windows Server 2019 (Domain Controller)
 Windows Serer 2019 (PKI Server)
 Windows Serer 2019 (Application Server)
 Windows Serer 2019 (SQL Server)

Hardware/Software Requirement
 Students must have an active AWS admin account with programmatic access.
 Students must have an active Azure admin account
 Students must have a GCP admin account
 Students must be able to run terraform from local laptops

Syllabus
Day 1:
 Introduction to the course and lab environment setup
 Setting up Cobalt Strike with Docker
 Understanding C2 channels and HTTPS redirectors using Apache Mod-rewrite
 Building infrastructure in Azure and AWS to protect the Cobalt Strike team server
 Utilizing AWS Lambda with Python for custom traffic redirection
 Using GCP and Azure CDNs for custom traffic redirection
 Protecting your infrastructure and team server
 Process injection techniques and payload development for gaining a foothold on a simulated
attack target
Day 2:
 Hiding shellcode for bypassing AV/EDR
 Footholds in 2023
 Terraform setup and configuration for a simulated Active Directory environment in AWS

 Breaching a simulated Active Directory environment and overcoming challenges using real-
life examples from 2022 and 2023 engagements

 Attack path enumeration and execution for red team operations
Note: Please note that the syllabus provided is intended to be a general outline of the course content
and does not reflect the true nature of the course guide or starting and ending points. This course is
hyper-current and changes are always made at the last minute to ensure that students receive the
most up-to-date and relevant content possible. As a result, the syllabus is subject to change, and
course content may be modified based on student skill level, course progression, and other factors.