Great hackers are good people.
Many courses on red teaming will teach you the technical process of how to exploit targets. But seldom do courses cover what it means to carry out the role of a red teamer responsibly.
Responsible Red Teaming is a seminar on the ethical, legal, and tactical considerations of how to perform red team operations that are safe, responsible, and practical. It includes written lectures and practical labs centered on how we can emulate cybercriminals without introducing the risk of real cyber crime.
This course asks you to think deeply about what it means to you to be a considerate, ethical, responsible red teamer. It will then show you how to translate responsibility into practical application and refine your tradecraft in the areas of C2 infrastructure design, malware emulation, and payload engineering.
This is not a course that teaches you how to be a red teamer. It’s a course where you learn how to operate with honor.
Things You’ll Do In This Course
- Discuss safety and responsibility during red team operations.
- Consider the difference between legality, ethics, responsibility, and operational security (OPSEC) in the context of red teaming.
- Examine an engagement scope document and identify areas that require more clarity.
- Write scripts that log terminal activity and ship the logs to a log aggregation server.
- Use Elastic, Fleet, and Sysmon for Linux to make a robust red team infrastructure logging and auditing system.
- Create red team tools and detection rules for use in a Break Glass scenario.
- Create a secure red team infrastructure from scratch using hybrid-cloud assets.
- Use the Rust language to build malware that has execution guard rails and other safety features.
- Integrate adversary Tactics, Techniques, and Procedures (TTPs) into technical exploitation responsibly.
- Build a low-fidelity emulation of a malware sample that focuses on safety.
- Capstone: A Choose-Your-Own-Adventure engagement on a live target where your choices will determine the success of the operation.
Level of Instruction
The course covers concepts that range in intensity from intermediate to advanced. It is expected that the student is familiar with the red teaming process and toolkit.
Medium of Instruction
The medium of instruction for this course includes written lectures and practical labs. It also includes a practical course capstone. The course material is written in English.
This course requires a fundamental understanding of basic red team concepts. A student should be familiar with how to carry out red team engagements, from C2 infrastructure setup to reporting and presenting findings. The course assumes competency with C2 frameworks and some basic malware development for red team operations. Extensive malware development experience is not a requirement for this course.
- A computer that has an internet connection and can run up to two virtual machines with the following specs:
  - Kali Teamserver: minimum 4GB RAM, recommended 8GB
  - Course Capstone vulnerable VM: minimum 4GB RAM, recommended 8GB
  - Storage: 40GB each
  - CPUs: minimum 1 each, recommended 2 each
- Basically, if you can run a Kali Linux guest VM and an Ubuntu desktop guest VM on the hypervisor of your choice at the same time and they both can reach the internet, you meet the requirements.
- The ability to provision a single cloud host with one of the major cloud service providers (DigitalOcean, AWS, Azure) is recommended to complete the C2 Infrastructure lab, though this is not required to complete the course. DigitalOcean is used in this specific lab, but any major cloud service provider will work.
- A GitHub account is recommended, though not required, to complete the YARA rule writing lab.
- Four Core Principles of Responsible Red Teaming
- Client Data Handling
- Document, Document.... DOCUMENT.
- Engagement Logging & Auditing
  - Lab: Terminal Logging, Elastic, & Fleet
  - Lab: Robust Red Team Infrastructure Monitoring with Sysmon for Linux
- Tool Accountability: "Break Glass Protocol"
  - Lab: YARA Rules for Custom Red Team Tools (part 1/2)
  - Lab: YARA Rules for Custom Red Team Tools (part 2/2)
About the Instructor
Matt Kiely (HuskyHacks) is a principal security researcher, red teamer, content author, and teacher of over 35K students worldwide. He has over 10 years of experience in Information Technology and Cybersecurity. He is the creator and instructor of Practical Malware Analysis & Triage at TCM Security Academy.