Course Overview

The Adversary Emulation and Active Defense course provides an all-encompassing, introductory, hands-on experience that exposes participants to core information security concepts.

Each subject is introduced through theory with a strong focus on real-world application and its implications from both an offensive and defensive perspective. We have crafted over 20 hands-on, interactive lab exercises that play out in our specialized training environment, mimicking real-world networks and infrastructure deployments.

The Adversary Emulation and Active Defense course blends offensive and defensive training into one seamless experience. We achieve this through hands-on exercises that focus on multiple real-world attack chains that are executed by attendees. At the same time, students get to see how their actions look from a defender’s perspective, the artifacts left behind and the implications of their actions

Blackhat 2021

This 2-day, instructor led training course will be delivered remotely through a virtual platform. Students will receive 14-days of lab access and all training materials used during the course.

Date & Time

2-Day Course: 31 July - 1 August 2021 (virtual)
2-Day Course: 2-3 August 2021 (virtual)

Registration Links above

Who should attend this course?

If you’re managing security operations, performing penetration tests, executing red team engagements, threat hunting from a SOC or chasing attackers as a blue team ninja; this course will provide you with the necessary techniques, toolbox and environment to handle threats head-on and perform offensive operations while being aware of the implications of actions and artifacts left in your wake. Ideal participants will have 1 to 2 years of information security or IT related experience.


By focusing on the latest Tactics, Techniques and Procedures (TTPs) used by attackers and defenders, participants will learn concepts and skills that can be utilized as a force multiplier to increase capabilities in both offensive and defensive operations. Some of the core topics include:

  • Recon

    How to perform end-to-end reconnaissance on targets and identify attack vectors.

  • Command & Control

    Explore core concepts of CnC through hands on deployment of malicious agents through multiple vectors.

  • Parameter Breach

    Leverage several different techniques to breach the external parameter and tunnel deeper into your target network.

  • Privilege Escalation

    Perform local and AD domain based privilege escalation to extend your foothold.

  • Persistence

    Exploit several techniques to secure your foothold on an internal network and endpoints.

  • Lateral Movement

    Compromise additional systems on the network through various lateral movement techniques.

  • Event Monitoring

    Detect, monitor and investigate IOCs related to malicious activity on endpoints.

  • Phishing & AV Evasion

    Achieve RCE on endpoints through phishing with Microsoft Office payloads and evade detection.

  • AD Attack Chains

    Exploit Kerberos authentication, extract credentials from memory and abuse account privileges.