Open-Sec Red Team Operator


Red teaming is more than a hype right now, no matters that maturity level an organization have, this is a kind of test that must be do it. But, there a lot of options to get trained for pentesting and some for red teaming, so, this is good option for blue teamers and pentesters to learn and confirm their knowledge about Tactics, Techniques and Procedures required in red team exercises. Going beyond just learning through demos and the lecture of ATT&CK framework, during this workshop We are goint to teach them how to start a phishing campaign (an effective one) to get the initial compromise and then move laterally in order to grab the crown jewels through an exfiltration channel controlled by a C2 with the extra value to learn how to bypass defenses like IPS, EDR, SIEM, etc.


We are part of team focused in security testing and got very good experience doing red teaming in several kind of companies during last 2 years, so, We want to share this experience through a workshop. The outline is :


What is Red Teaming

Pentesting vs Red Teaming


ATT&CK framework explained and why is not for red teamers

2.Discovery (RECON).

Searching for useful data (what, why, where, when).

Using search engines through APIs.

Not so common search engines.

Lab 2.1 : Make a profile for ACME Corp (fictional company) using Censys.

3.Initial Compromise

Phishing campaign

Spraying like a boss

Powershell without Powershell

IPS Evasion

EDRs Evasion

Lab 3.1 : Powershell without Powershell for the win

4.Lateral Movement

Credentials harvesting

Privilege Escalation

Droppers and Implants

SIEM Evasion

Lab 4.1 : Getting credentials without locking accounts

5.Establishing a C2

Lateral Movement with or without a C2

C2 Components

C2 frameworks

Deploying a C2

Bypassing the blue teamers actions (persistence)

Lab 5.1 : Deploying a C2 in a persistent way

6.Searching for the crown jewels

Identifying the right targets

Searching in shared folders

Getting a jewel from internal web applications

Passive data gathering

Lab 6.1 : Searching data on user machines


Data preparation

Covert channels

Covert repositories

Lab 7.1 : Exfiltration made by hand

8.Extras but Required

Physical Intrusion

Report model

How to help blue teams or going Purple

Students will need to bring just a laptop with MS Windows 7 or later and latest Kali Linux version. Virtual machines will be ok.


Walter Cuestas


Walter is the OffSec Research Leader (OSCP, WhiteHat Security Certified Secure Developer). Also, he has been leading the Open-Sec pentesters/red teamers since 2006.

Hernán Parodi

Hernán es nuestro CEO y Senior Pentester (eWPT) / Red Teamer. Es un experto en seguridad de infraestructura y aplicaciones. Forma parte del equipo de Open-Sec desde 2010.

3 días

 27, 28 y 29 de septiembre

De 10 a 17 hs.




USD 1500