TIL SEC564 Red Team Exercises & Adversary Emulation

Things I learned (TIL) and what I got out of the awesome two-day SANS course on Red Team and Adversary Emulation that I took online after Purple Team Summit 2021


Course page: https://www.sans.org/cyber-security-courses/red-team-exercises-adversary-emulation/

  • a huge two-day brain dump from an experienced operator and leader on effective practices (Thanks @jorgeorchilles !)
  • useful definitions and models to distinguish the roles of different functions
    • along with the Purple Team Summit talks and the Red Team Guide book:
    • distinguish: vuln scan, vuln assessment, pen test, red team, purple team, adversary emulation
  • intelligence driven process model for offensive operations using adversary emulation
    • plus another designed for purple team exercises and programs
  • some background and tips on current platforms: Empire (and Starkiller), Scythe.io, Vectr.io, and Caldera
  • a few hours of practice on a full-chain intrusion scenario (phish, elevate, lateral, exfil)
    • particularly great for me because there was more than one machine I could access
Written on July 13, 2021