Previous

RedOps Training

If you know nothing, you have to believe everything

Whether on the red or blue team, both should regularly invest time and resources to train their team members. I personally devote significant time to research and education, offering a hands-on approach when training my students. While I specialize in offensive security, particularly in areas like Windows Internals, EDR Evasion, Malware Development, and debugging, I also make it a point to switch perspectives and delve into the defensive side to broaden my understanding.

DEF CON 31 Workshop

My passions include Windows Internals, malware development, antivirus (AV) and endpoint detection and response (EDR). If you want to get a first impression of my expertise and attention to detail, I invite you to have a look at the following workshop material, which I invested several months of my time in and presented as part of a one-day workshop entitled "(In)direct Syscalls: A journey from high to low" at the Red Team Village at DEF CON 31 in Las Vegas. The workshop materials for the DEF CON 31 workshop are completely free, and the entire workshop can be done independently in your own virtual LAB using the workshop materials. The technical workshop requirements can be found here.

Online Live Training: Endpoint Security Insights

I'm pleased to present my 4-day live online training, "Endpoint Security Insights: Shellcode Loaders and Evasion". The focus of this course is to learn more about the Windows Internals needed to better understand the functionality of EDRs on Windows and to gain a deeper understanding of the mechanisms they use on Windows. We will also build, debug and understand step-by-step a shellcode loader with various basic evasion capabilities such as unhooking, indirect syscalls, shellcode encryption, playing with metadata, etc. to evade EDR mechanisms such as user mode hooking, return address checking, etc. Students will also have the opportunity to test their loaders against an enterprise EPP/EDR.

In recent years, evading Endpoint Protection Products (EPPs) and Endpoint Detection and Response Products (EDRs) has become more difficult and is now a really important part of any Red Team engagement. Every EDR is different and has different strengths and weaknesses, and there is no silver bullet for EDR evasion. But at the very least, knowing the basics of EDR evasion and shellcode loader development is essential, even for juniors.

Over the past six years, I have gained a lot of experience in endpoint security evasion with many different products, and I want to share some of my knowledge in my "Endpoint Security Insights: Shellcode Loaders and Evasion" course. First, we will look at the basics of Windows Internals to better understand how EDRs work on Windows. Then we will take a closer look at EDR defence mechanisms such as user mode hooking and ETW, and then we will look at possible techniques such as unhooking, direct syscalls or indirect syscalls, playing with metadata, entropy etc. to get around these mechanisms or the EDR.

For more information, course details and to book tickets, please follow this link.

Why train with RedOps?

I devote a lot of time to training and research and love to delve into a subject. One of my great strengths is being able to prepare and communicate complex knowledge in a way that even a layperson can understand and apply. Anyone who knows me, reads my blog posts or follows my conference presentations knows that I have a soft spot for detail and that conveying knowledge in a simple and understandable way is my top priority. My aim is not to work quantitatively but to deliver high quality workshop content.

Responsibility Research Quality
  • Responsibility and Integrity

    Anyone who uses offensive security services and deliberately exposes themselves to an ethical hacking attack should do so with a partner they can absolutely trust. I keep all information strictly confidential and am 100% integer in what I do.

  • Research Orientation

    IT security is not a product, but a constant learning process. That's why I invest a lot of time in further education and research. I have already been able to present my results in the area of endpoint security at several international IT security conferences.

  • Quality Instead of Quantity

    With Offensive Security, I have made my passion my core competence. I don't sell products or licences, but live purely from my expertise in the field of IT security. For me, quality clearly comes before quantity.