Offensive Development

  • Home
  • Offensive Development

Testimonial

Offensive Security Engineer
- IDEXX

I just wanted to say that this was the best training I've ever attended at any conference.It was really informative and provided a ton of great takeaways for continued learning.

Adversarial Emulation/Red Team
- Deloitte

I can say without a doubt that this course was extremely helpful with teaching me things I need to become a better red teamer and improve my OPSEC ability.

Offensive Cyber Security Team Lead
- Undisclosed

It's been an amazing course and I had a lot of fun. I'll definitely recommend to all of my friends.

Upcoming Training

What To Expect

The Offensive Development is the first course which is dedicated to building payloads that bypass modern AV/EDR products.
There are a lot of other courses which focus on concepts, discuss bypasses, but none of them take the student through building payloads from scratch and then bypassing EDR live.

This course focuses on a brief introduction towards Windows Internals and calling Windows API functions dynamically, and ends with students buildings payloads and bypassing modern defensive solutions.

Each student gets access to an isolated SnapLabs cyber range where they will develop their malware and deploy it with Cobalt Strike. That’s right, Cobalt Strike is built into the course.

During the course, you will learn how AV/EDR products work so that you can understand how brittle they truly are.
Topics that will be covered are: AMSI/ETW bypass, writing shellcode, writing BOFS, malleable C2 profile, various process injection techniques, hiding strings and imports, and more.

This course isn’t just for red teamers: you will learn how to hunt for default Cobalt Strike usage, detect process injection by looking at memory permissions and strange parent/child relationships, and detecting dynamically calling Windows APIs via LoadLibrary/GetProcAddress.

Training Content

The total course duration is 2 days of online interactive training sessions over Microsoft Teams. Students will receive an email from SnapLabs inviting them to the training.

Inside the SnapLabs cloud environment, the students will have access to a plethora of Windows machines with various EDR/AV products installed. The students will also have access to the Cobalt Strike C2 platform for the duration of training. A detailed syllabus on the training content can be found here.

Certification

White Knight Labs provides Certificate Of Completion for every completed course. This certificate may be verified by contacting info@whiteknightlabs.com using the enrolment ID from the given certificate.

Prerequisites

This is an intermediate level course. If you’re completely new to porgramming and Windows Internals, it might be hard to keep up.
A background in the following topics would be useful before taking this course:

System Requirements

During the course, we will be interacting with different AWS EC2 instances using Guacamole.

Students will make their a personalized SnapLabs account and tie it directly to their personal AWS account.

From that point, students will deploy the environment which consists of the following machines in the same subnet:

We strongly recommend that you create an AWS account and SnapLabs account BEFORE the course begins.

Here is a list of tools/requirements for the Offensive Development course (they’ll be preinstalled on the machines):