SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC565: Red Team Operations and Adversary Emulation
SEC565Offensive Operations
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course created by:
Jean-François Maes & David Mayer
Course created by:Jean-François Maes & David Mayer
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 30 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Master Red Team operations by leveraging adversary emulation, cyber threat intelligence, and Red Team tradecraft to execute consistent, repeatable engagements that improve defense effectiveness.
Featured Quote
The course content is absolutely amazing. Even if you already have some knowledge on the topic, there is still a wealth of information that will further enhance your understanding and solidify your procedures!
Course Overview
The SEC565 Red Team course equips participants with the skills to plan and execute Red Team engagements through adversary emulation, leveraging cyber threat intelligence to map and replicate adversary tactics, techniques, and procedures (TTPs). Using the Unified Kill Chain and MITRE® ATT&CK™ framework, students learn to build and manage Red Team operations, set up attack infrastructure, and exploit Active Directory within a simulated enterprise environment. The course emphasizes practical exercises and culminates in analysis of Blue Team responses, reporting, and remediation planning. Graduates emerge prepared to deliver consistent, repeatable Red Team engagements that assess and improve the effectiveness of organizational defenses.
What You’ll Learn
- Plan and execute Red Team engagements
- Leverage cyber threat intelligence in Red Teaming
- Emulate adversary TTPs using MITRE ATT&CK
- Apply technical Red Team tradecraft in attacks
- Learn to abuse Active Directory and exploit environments
- Analyze Blue Team responses and remediations
- Execute end-to-end adversary emulation attacks
Business Takeaways
- Strengthen Blue Team defenses through Red Team’s simulations
- Enhance detection and response with real-world attack emulation
- Provide actionable insights to address security gaps
- Measure and optimize defense systems for effectiveness
- Identify weaknesses in people, processes, and technology
- Boost proactive defense against advanced threats
- Demonstrate Red Teaming value in improving security posture
Meet Your Authors
- Slide 1 of 2
Jean-François Maes
Certified InstructorEuropean director of advanced assessment at Neuvik, specializing in penetration testing, red teaming, and adversary emulation. Passionate open-source contributor with extensive experience in offensive security technologies.
Read more about Jean-François Maes - Slide 2 of 2
David Mayer
Certified InstructorDave Mayer is a cybersecurity professional with a background in red teaming, threat emulation, and offensive security. As the founder of Neuvik, he has worked extensively on adversary simulations and penetration testing, helping organizations strengthen their security posture against real-world threats.
Read more about David Mayer
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC565: Red Team Operations and Adversary Emulation.
Section 1Planning Adversary Emulation and Threat Intelligence
This initial section establishes foundational concepts in adversary tactics, Red Team operations, and threat intelligence frameworks. Focus areas include engagement planning, threat actor analysis, and initial attack execution - all critical for emulating sophisticated adversaries in controlled environments.
Topics covered
- Advanced adversary emulation methods
- Unified kill chain & attack mapping
- Threat intel & OSINT operations
- Multi-factor bypass techniques
- Social engineering methodology
Labs
- Environment setup and orientation
- MITRE® ATT&CK framework implementation
- Threat intel analysis & reporting
- Strategic engagement planning
- Red team execution protocols
Section 2Attack Infrastructure and Operational Security
Section two is an advanced command-and-control (C2) infrastructure and tooling deep-dive focused on resilient attack frameworks, evasive redirector implementation, and OPSEC hardening. Students learn operational security monitoring, infrastructure protection, and defender evasion through sophisticated C2 architectures and communication channels.
Topics covered
- Modern C2 infrastructure design
- Advanced redirector methodologies
- Third-party hosting strategies
- OPSEC & infrastructure hardening
- IoC generation & prevention
Labs
- Advanced C2 framework deployment
- Resilient redirector configuration
- VECTR implementation & monitoring
- Cobalt Strike operator training
- Empire C2 architecture setup
Section 3Getting In and Staying In
Advanced payloads and network infiltration tactics form the core of this section. Students explore stealthy weaponization techniques and learn to establishe reliable initial access vectors for target environments. We pay special attention to evasive post-exploitation methodologies, including privilege escalation chains and persistent access methods.
Topics covered
- Sophisticated payload engineering
- Defensive control bypass tactics
- Network infiltration methodology
- Advanced persistence mechanisms
- AMSI evasion techniques
Labs
- Advanced payload crafting & testing
- Initial access vector development
- Network discovery & enumeration
- Privilege escalation techniques
- Persistent access implementation
Section 4Active Directory Attacks and Lateral Movement
Students explore comprehensive domain enumeration and advanced privilege escalation within Windows environments. Deep technical analysis covers cross-domain attack patterns, trust relationship exploitation, and sophisticated lateral movement tactics. Each concept integrates with practical attack tool implementation for maximum operational impact.
Topics covered
- Domain trust exploitation chains
- Authentication bypass techniques
- Certificate service manipulation
- Advanced delegation attacks
- Enterprise network pivoting
Labs
- Enterprise domain enumeration methods
- Token manipulation & privilege abuse
- Advanced AD attack tool deployment
- Bloodhound attack path analysis
- Cross-forest lateral movement tactics
Section 5Obtaining the Objective and Reporting
Students navigate advanced database attacks, sensitive data exfiltration methods, and impact demonstration through targeted system manipulation. We comprehensively cover engagement analysis, strategic reporting methodologies, and automated breach simulation techniques for continuous security validation.
Topics covered
- Database exploitation techniques
- Target system manipulation
- Engagement analysis frameworks
- Breach simulation deployment
- Red team measurement protocols
Labs
- Advanced database attack strategies
- Critical data exfiltration methods
- Engagement tracking & reporting
- Impact analysis & demonstration
- Automated breach simulation
Section 6Immersive Red Team Capture-the-Flag
Students operate across multiple domains, implementing sophisticated attack chains against Windows and Linux infrastructures. The immersive environment presents authentic user activity patterns, rich intelligence gathering opportunities, and segmented network challenges requiring advanced lateral movement techniques.
Topics covered
- Enterprise adversary emulation
- Cross-domain attack strategies
- Credential theft & exploitation
- Advanced C2 infrastructure
- Comprehensive impact analysis
Labs
- Full-spectrum enterprise Red Team engagement
- Multi-domain attack orchestration
- Cross-platform exploitation chains
- Advanced lateral movement execution
- Data identification & exfiltration
Things You Need To Know
Relevant Job Roles
Red Teamer
Offensive OperationsIn this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Jean-Francois MaesDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jean-Francois MaesDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Jean-Francois MaesDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxes - Location & instructor
San Antonio, TX, US & Virtual (live)
Instructed by Jean-Francois MaesDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Sydney, NSW, AU & Virtual (live)
Instructed by Jean-Francois MaesDate & TimeFetching schedule..View event detailsCourse priceA$13,350 AUD*Prices exclude applicable local taxes - Location & instructor
Rome, IT
Instructed by Bojan ZdrnjaDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesEnrollment options - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by David MayerDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Munich, DE
Instructed by Jean-Francois MaesDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesEnrollment options
Showing 8 of 11
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3The labs are fantastic, and they are fun to work through!
- Slide 2 of 3I studied for the OSCP. The course content and approach was OK, but this was next level. My mind was blown and I learned so much more. Simply excellent.
- Slide 3 of 3Course content is great. Very informative and up-to-date attack vectors.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources