Instructor-led training course
This course draws on the knowledge and experience of Mandiant red teams to help learners improve their ability to prevent, detect, and respond to threats in an enterprise network.
Learners can understand advanced threat actor behavior that Mandiant experts have observed through incident response investigations. Learners will also see how Mandiant red teams refine advanced attacker tactics, techniques, and procedures (TTPs) for use by red teams in their attempts to emulate advanced threat actors. Learners can develop the ability to think like an attacker and creatively use these TTPs to accomplish response goals while avoiding detection.
The Mandiant red team conducts this fast-paced technical course with presentations and scenario-based labs based on frontline expertise and intelligence-based security research. Learners receive hands-on experience conducting covert cyber attack simulations that mimic real-world threat actors. They can learn how to bypass advanced network segmentation, multi-factor authentication, and application allowlisting, abuse web applications, escalate privileges, and steal data while circumventing detection methods.
Prerequisites: A background in conducting penetration tests, security assessments, IT administration, and/or incident response. Working knowledge of the Windows operating system, file systems, registry, and use of the Windows command line. Experience with Active Directory, basic Windows security controls, common network protocols, Linux operating systems, scripting languages (PowerShell, Python, Perl, etc.), and assessment of web applications using the OWASP Top 10.
After completing this course, learners should be able to:
Red team members, penetration testers, defenders wanting to understand offensive tactics, techniques, and procedures (TTPs), and information security professionals looking to expand their knowledge base.
In-classroom or virtual instructor-led training
Students are required to bring their own laptop that meets the following specs: