lystena · September 12, 2019 09:48
diff --git a/venturing_into_the_dark.txt b/venturing_into_the_dark.txt
 ===========================================================================
 Venturing into the Dark - a review of Dark Side Ops 2: Adversary Simulation
 ===========================================================================
 ---------------------------------------------------------------------------
 Location:   BlackHat Las Vegas
 Links:      https://www.blackhat.com/us-19/training/schedule/#dark-side-ops
            ----adversary-simulation-14210
            https://silentbreaksecurity.com/training/dark-side-ops-2-advers
            ary-simulation/
 Trainers:   Silent Break Security Team (team of 3)
 Class Size: 21
 Duration:   2 days
 ---------------------------------------------------------------------------

 BACKGROUND
 ----------
 Recently I was fortunate enough to undertake the Dark Side Ops 2: Adversary
 Simulation course. This course is run by the Silent Break Security team and
 is intended to build on their Dark Side Ops: Malware Dev course. The course
 as described in their own words:

     "helps participants up their offensive game by sharing the latest     
     in initial access and post-exploitation, defensive countermeasure     
     bypasses, and unique malware code execution techniques."

 ... well colour me interested. For the most part, long gone are the days of
 1997, when you could trip into admin rights while trying to disable Clippy.
 Modern controls have changed a default Windows build from Swiss cheese into
 a potentially daunting challenge. Unmodified open source tools often do not
 cut it. DSO seeks to help participants dive into developing and customising
 their own toolkits to take the challenge head on.

 COURSE STRUCTURE
 ----------------
 The course followed the tried-and-true format of an instructor talking to a
 set of slides - introducing the topic, outlining the use cases, noting some
 areas for further research - all of which prepares you for the relevant lab
 material. These presentations are short, sharp and open up discussions that
 focus on realistic use cases and real world scenarios.

 The lab time was guided by the manual and self-paced. If you are pushed for
 time or struggling with the concept, the manual has enough detail that will
 walk you through the exercises step by step. Topics also have challenges or
 stop goals to push your understanding if you are racing ahead of the class.

 CONTENT SYNOPSIS
 ----------------
 11 labs cover the following topics, and flow logically from one to another:

 [+] DAY 1
 - Automating infrastructure deployment
 - Windows Subsystems (COM, WSH, .NET, SxS)
 - Transitions and staging (Customising D2J and payloads)
 - Initial Access Techniques (getting payloads to be operationally ready)

 [+] DAY 2
 - Zero day techniques (A methodology with examples to work from)
 - Into to rootkits (Build, modify, abuse and trigger)
 - Persistence techniques (Abusing existing functionality for persistence)
 - Targeting custom services (reverse engineering a custom .NET service)

 WHAT YOU ARE PROVIDED WITH
 --------------------------
 - A thorough, well documented lab manual (printed and bound; plus PDF)
 - PDF copy of the presentation slides
 - Three customised virtual machines
 - Lab source code samples

 WHAT YOU'LL NEED
 ----------------
 - A machine capable of running 3 virtual machines simultaneously
 - A healthy dose of enthusiasm, curiosity and willingness to use VS code
 - An ability to at a minimum follow instructions and debug error messages
 - Ideally a basic understanding of the course material and tool use cases

 WHO WOULD BENEFIT FROM THE COURSE
 ---------------------------------
 - People interested in offensive security looking to build custom tooling
 - Penetration testers and Red-teamers looking to build out new techniques
 - Blue-teamers looking to understand current adversary techniques/tooling

 IN REVIEW
 ---------
 I've been fortunate enough to have completed the OSCP, SANS SCADA training,
 Pentester Academy Blackhat training, as well as various employers, vendors,
 and community-run conference trainings. Looking back, all of them have been
 useful at one time or another. This time however, I felt compelled to write
 down how truly impressed with the course I was. Nick, Brady and the rest of
 the Silent Break Security team have created well thought out material which
 will help develop your tradecraft as well as your ability to customise your
 own tooling; ultimately making you a more effective and realistic operator.

 THANKS
 ------
 - $EMPLOYER for paying the way and making it all financially feasible
 - Raphael Mudge who reviewed a different Silent Break Security course which
  encouraged me to consider this course in the first place
 - Nick, Brady and the Silent Break Security team for investing the time and
  energy needed to run a top-quality training course
 - @Joshua1909 for suggestions and corrections
	===========================================================================
	Venturing into the Dark - a review of Dark Side Ops 2: Adversary Simulation
	===========================================================================
	---------------------------------------------------------------------------
	Location: BlackHat Las Vegas
	Links: https://www.blackhat.com/us-19/training/schedule/#dark-side-ops
	----adversary-simulation-14210
	https://silentbreaksecurity.com/training/dark-side-ops-2-advers
	ary-simulation/
	Trainers: Silent Break Security Team (team of 3)
	Class Size: 21
	Duration: 2 days
	---------------------------------------------------------------------------

	BACKGROUND
	----------
	Recently I was fortunate enough to undertake the Dark Side Ops 2: Adversary
	Simulation course. This course is run by the Silent Break Security team and
	is intended to build on their Dark Side Ops: Malware Dev course. The course
	as described in their own words:

	"helps participants up their offensive game by sharing the latest
	in initial access and post-exploitation, defensive countermeasure
	bypasses, and unique malware code execution techniques."

	... well colour me interested. For the most part, long gone are the days of
	1997, when you could trip into admin rights while trying to disable Clippy.
	Modern controls have changed a default Windows build from Swiss cheese into
	a potentially daunting challenge. Unmodified open source tools often do not
	cut it. DSO seeks to help participants dive into developing and customising
	their own toolkits to take the challenge head on.

	COURSE STRUCTURE
	----------------
	The course followed the tried-and-true format of an instructor talking to a
	set of slides - introducing the topic, outlining the use cases, noting some
	areas for further research - all of which prepares you for the relevant lab
	material. These presentations are short, sharp and open up discussions that
	focus on realistic use cases and real world scenarios.

	The lab time was guided by the manual and self-paced. If you are pushed for
	time or struggling with the concept, the manual has enough detail that will
	walk you through the exercises step by step. Topics also have challenges or
	stop goals to push your understanding if you are racing ahead of the class.

	CONTENT SYNOPSIS
	----------------
	11 labs cover the following topics, and flow logically from one to another:

	[+] DAY 1
	- Automating infrastructure deployment
	- Windows Subsystems (COM, WSH, .NET, SxS)
	- Transitions and staging (Customising D2J and payloads)
	- Initial Access Techniques (getting payloads to be operationally ready)

	[+] DAY 2
	- Zero day techniques (A methodology with examples to work from)
	- Into to rootkits (Build, modify, abuse and trigger)
	- Persistence techniques (Abusing existing functionality for persistence)
	- Targeting custom services (reverse engineering a custom .NET service)

	WHAT YOU ARE PROVIDED WITH
	--------------------------
	- A thorough, well documented lab manual (printed and bound; plus PDF)
	- PDF copy of the presentation slides
	- Three customised virtual machines
	- Lab source code samples

	WHAT YOU'LL NEED
	----------------
	- A machine capable of running 3 virtual machines simultaneously
	- A healthy dose of enthusiasm, curiosity and willingness to use VS code
	- An ability to at a minimum follow instructions and debug error messages
	- Ideally a basic understanding of the course material and tool use cases

	WHO WOULD BENEFIT FROM THE COURSE
	---------------------------------
	- People interested in offensive security looking to build custom tooling
	- Penetration testers and Red-teamers looking to build out new techniques
	- Blue-teamers looking to understand current adversary techniques/tooling

	IN REVIEW
	---------
	I've been fortunate enough to have completed the OSCP, SANS SCADA training,
	Pentester Academy Blackhat training, as well as various employers, vendors,
	and community-run conference trainings. Looking back, all of them have been
	useful at one time or another. This time however, I felt compelled to write
	down how truly impressed with the course I was. Nick, Brady and the rest of
	the Silent Break Security team have created well thought out material which
	will help develop your tradecraft as well as your ability to customise your
	own tooling; ultimately making you a more effective and realistic operator.

	THANKS
	------
	- $EMPLOYER for paying the way and making it all financially feasible
	- Raphael Mudge who reviewed a different Silent Break Security course which
	encouraged me to consider this course in the first place
	- Nick, Brady and the Silent Break Security team for investing the time and
	energy needed to run a top-quality training course
	- @Joshua1909 for suggestions and corrections