Certified Enterprise Security Controls Attack Specialist [CESC-AS]
• AV, EDR (Windows & Linux), Directory-Level and Linux Controls Bypass
• Offensive C# Trade-Craft & Windows API Abuse
• Multiple Cross-Forest Attacks in a hardened environment
• Windows Features (AMSI, CLM, UAC, AppLocker, WDAC, WDAG, WDEG, Sandbox) Bypass
CESC-AS Introduction
Apex threat actors with advanced capabilities, such as leveraging in-memory implants, writing custom code to evade AV and EDR, moving laterally with custom-made tools, and evading host- and network-level security solutions for stealth, are constantly consolidating their attack techniques (and tactics) against defensive teams.
Students will gain enough knowledge of enterprise-grade security controls and how they can be stealthily evaded at the host level, network level and cloud level (EDR), and in a monitored Active Directory network with a health care simulation. The class goes through TTPs, writing a custom toolkit in C#, abusing Windows internals / features and monitoring solutions, writing custom bypasses for evading host and network controls, and bypassing cross-forest restrictions in an AD environment with Windows and Linux platforms, in order to better refine detection in an enterprise.