Offensive Development

I can say without a doubt that this course was extremely helpful with teaching me things I need to become a better red teamer and improve my OPSEC ability.

It's been an amazing course and I had a lot of fun. I'll definitely recommend to all of my friends.

I just wanted to say that this was the best training I've ever attended at any conference. It was really informative and provided a ton of great takeaways for continued learning.

The Offensive Development is the first course which is dedicated to building payloads that bypass modern AV/EDR products.
There are a lot of other courses which focus on concepts, discuss bypasses, but none of them take the student through building payloads from scratch and then bypassing EDR live.

This course focuses on a brief introduction towards Windows Internals and calling Windows API functions dynamically, and ends with students buildings payloads and bypassing modern defensive solutions.

Each student gets access to an isolated cyber range where they will develop their malware and deploy it with Cobalt Strike. That’s right, Cobalt Strike is built into the course.

During the course, you will learn how AV/EDR products work so that you can understand how brittle they truly are.
Topics that will be covered are: AMSI/ETW bypass, writing shellcode, writing BOFS, malleable C2 profile, various process injection techniques, hiding strings and imports, and more.

This course isn’t just for red teamers: you will learn how to hunt for default Cobalt Strike usage, detect process injection by looking at memory permissions and strange parent/child relationships, and detecting dynamically calling Windows APIs via LoadLibrary/GetProcAddress.

The total course duration is 2 days of online interactive training sessions over Zoom. Students will receive an email inviting them to the training.

Inside the cloud environment, the students will have access to a plethora of Windows machines with various EDR/AV products installed. The students will also have access to the Cobalt Strike C2 platform for the duration of training. A detailed syllabus on the training content can be found here.

White Knight Labs provides Certificate Of Completion for every completed course. This certificate may be verified by contacting info@whiteknightlabs.com using the enrolment ID from the given certificate.

This is an intermediate level course. If you’re completely new to porgramming and Windows Internals, it might be hard to keep up.
A background in the following topics would be useful before taking this course:

Fundamental knowledge of C/C++ programming
.NET/C# development
Basic understanding of Windows Internals/APIs
Familiarity with modern Windows defenses
Strong willingness to fail repeatedly and learn

During the course, we will be interacting with different AWS EC2 instances using Guacamole.

Students will utilize their personal AWS account.

From that point, students will deploy the environment which consists of the following machines in the same subnet:

3 x Windows machine with different commercial EDR solutions installed
1 x Windows development machine
1 x Kali Linx Attacker machine
1 x Ubuntu cobalt Strike server
1 x Windows machine /w Defender turned on
1 x Admin machine running Guacamole for the env

We strongly recommend that you create an AWS account BEFORE the course begins.

Here is a list of tools/requirements for the Offensive Development course (they’ll be preinstalled on the machines):

High-Speed Internet Connection
Visual Studio
Code Blocks
DotPeek .NET decompiler
CFF Explorer
Sysinternals Tookit
clang
Wireshark
Frida
WinDbg
ConfuserEx
HxD
Cobalt Strike

Services

Company

Quick Contact