Red Teaming as a Service: Simulating Blackhat Attacks for Organisations

The goal of the training is to give a red teamer’s perspective to hackers and penetration testers who want to up their game of VAPT. We will start first with the fundamental concepts of red teaming and its process followed by differentiating how red-teaming is different than normal pentesting and the benefits of having a red-teaming approach towards application security testing. After this, the training will build upon from the ground up starting with the fundamental concepts of Information Gathering and Recon + various un-common tools and techniques to gather much more information about a target. We will then share red-teaming techniques for VA of Web and Mobile Applications where we will discuss various tools and tricks to find more bugs which will be followed by exploitation and data extraction methodologies. Not only will we be going through various automated tools and manual analysis, but the focus will also be on making the tools work efficiently and effectively by tweaking and debugging them. This will also include multiple case studies of interesting Business Logic vulnerabilities and how to spot them. Then we will cover numerous pivoting and privilege escalation mechanisms that help a red teamer move swiftly inside a corporate network without alerting the SOCs. The training will be packed with tons of real-life case studies we encounter during our staple + BONUS: A step by step case study of how we owned various pharmaceutical devices inside a corporate manufacturing network of a million dollar pharma client who wanted more than VAPT.