18 seats left.
Register by Sunday, June 15, 2025.

Event details

Mandiant Academy Training Event

  • Course: Creative Red Teaming
  • Date: Monday, June 23, 2025 – Friday, June 27, 2025
  • Time: 8:00 AM–2:30 PM, daily
  • Time Zone: (UTC-08:00) Pacific Time (US & Canada)
  • Cost: $5,000 USD or 5 EOD units
  • Delivery Method: Instructor-led, virtual delivery
  • Location: Google Meet

At a glance

Mandiant red teams have conducted hundreds of covert red team operations. This course draws on that knowledge to help learners improve their ability to perform advanced offensive operations in an enterprise network.

Learners will better understand advanced threat actor behavior that Mandiant experts have observed through incident response investigations. Learners will also see how Mandiant red teams refine advanced attacker tools, tactics and procedures (TTPs) for use by red teams in their attempts to emulate advanced threat actors. Learners will develop the ability to think like an attacker and creatively use these TTPs to accomplish response goals while avoiding detection.

Mandiant red team leads conduct this fast-paced technical course with presentations and scenario-based labs based on frontline expertise and intelligence-based security research. Learners receive hands-on experience conducting covert cyber attack simulations that mimic real-world threat actors. They will learn how to bypass advanced network segmentation, multi-factor authentication and application whitelisting, abuse web applications, escalate privileges and steal data while circumventing detection methods.

Course goals

By the end of this course, students will know how to:

  • Identify, fingerprint and compromise a target with custom-crafted payloads while bypassing antivirus (AV) detection
  • Deploy creative tactics—from older techniques to newer ones—to maintain access to any compromised machine
  • Understand the tools and methods attackers use to exploit the lowest-level user privileges to gain higher, administrative privileges and move laterally throughout a network while avoiding security alerts
  • Avoid and bypass various challenges such as application whitelisting, encryption, multi-factor authentication, sandboxes and more
  • Exfiltrate data from “secure” networks undetected, without triggering firewalls or generating alerts
  • Identify the goals and challenges of managing a red team operation, including risk measurement and reporting

Course agenda

Course Overview

  • What is Red Teaming

Infrastructure and C2

  • Infrastructure
  • C2 Server Setup
  • C2 Usage

Reconnaissance

  • Passive Recon
  • Active Recon

Initial Compromise

  • Technical Compromise
  • Social Engineering

Establish Foothold

  • .NET Weaponization
  • Payload Generation
  • Sandbox Evasion
  • Post-Exploitation Activities

Privilege Escalation

  • Local Privilege Escalation
  • Domain Privilege Escalation

Internal Reconnaissance

Lateral Movement

Maintain Persistence

  • Old School Persistence
  • New School Persistence

Completing the Mission

  • Overcoming challenges to accessing objectives
  • Data egress

Capture the Flag

Who this course helps

Red team members, penetration testers, defenders wanting to understand offensive tactics, techniques and procedures (TTPs), and information security professionals looking to expand their knowledge base.

Prerequisites

A background in conducting penetration tests, security assessments, IT administration, and/or incident response. Working knowledge of the Windows operating system, file systems, registry and use of the Windows command line. Experience with Active Directory, basic Windows security controls, common network protocols, Linux operating systems, scripting languages (PowerShell, Python, Perl, etc.) and assessment of web applications using the OWASP Top 10.

What to bring

Students should bring their own laptop computer with the latest browser of choice (Firefox or Google Chrome preferred) and a stable internet connection of at least 10 Mbps.

Course materials

Students will receive electronic versions of all relevant course materials.