Enterprise Attacker Emulation and C2 Implant with Joff Thyer

Course Length: 16 Hours
Tuition: $575 per person

Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

This Antisyphon Training Course is available as a Live Online presentation.

This page is for the Live version of this course. See below for any trainings currently scheduled. If there are no training sessions scheduled at this time, there may be an On-Demand version available.

If you are interested in arranging a private training for your organization, contact us to set up a call!


Course Description

As penetration testers, we all have a need to establish command and control channels in our customer environments. This can be done under the guise of an “assumed compromise” context or in a more adversarial Red Team context. The age of endpoint detection and response (EDR) solutions and application whitelisting has created significant barriers to deploying commodity or well-known malware for adversarial exercises.

This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defensive technologies.

Key Takeaways

  • Insight into command channel architecture
  • The ability to leverage different programming languages to execute custom malware
  • A diversity of solutions for establishing command channels

Who Should Take This Course?

  • Penetration testers
  • Any security professionals who want to know the inner workings of malware.
  • This class will help any organization that wants to start emulating advanced malware to test their defenses and detective capabilities.

What Students Will be Provided With

  • Access to a GitHub code repository with source code samples
  • Access to a PDF copy of all slideware

What Each Student Should Bring

  • A laptop that supports Windows Remote Desktop protocol.

Student Requirements

  • High-speed Internet connectivity
  • Ability to connect to remote Azure-deployed desktops
  • SUGGESTED PREREQUISITE READING LIST
    • https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html
    • https://i.blackhat.com/USA-19/Thursday/us-19-Kotler-Process-Injection-Techniques-Gotta-Catch-Them-All-wp.pdf
    • https://docs.microsoft.com/en-us/dotnet/csharp/tutorials/intro-to-csharp/
    • https://www.python.org/about/gettingstarted/
    • https://golang.org/doc/tutorial/getting-started

Trainer & Author

Joff Thyer

Joff Thyer has been a penetration tester and security analyst with Black Hills Information Security since 2013. Prior to joining the InfoSec world, he had a long career in the IT industry as a systems administrator and an enterprise network architect. He has an Associate’s in Computer Science, a B.S. in Mathematics, and an M.S. in Computer Science, as well as several certifications. The best part of a penetration test for Joff is developing sophisticated malware that tackles defensive solutions, ultimately delivering exciting wins for company engagements. He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research. When Joff isn’t working or co-hosting the Security Weekly podcast, he enjoys making music and woodworking.


If no live trainings appear below, please visit our Live Training Calendar for other classes that may interest you.


Copyright © 2023 Antisyphon