On This Page

Red vs. Blue Techniques with HuntTeaming

David Kennedy
Ben Ten
Martin Bos
Larry Spohn
July 30-31 & August 1-2


The attacks continue to change and most organizations still don't have the capabilities to detect the basic attacks. Adversarial simulation relies on attacks that are designed to maintain persistence and gain access to the data needed. This course focuses on the latest attack techniques giving penetration testers the ability to learn the new techniques but also focuses on teaching how to best defend against the attacks. The term hunt team focuses on taking a proactive approach in assuming an environment is already compromised. This course will cover both red and blue team efforts and provide methods for understanding how to best detect threats in an enterprise.

This course is completely hands on!

At the end of day 1 - you will be attacking a fully simulated network and performing offensive capabilities against our trainers who have to defend! At the end of day 2 - you will be defending while our trainers go on the offense while you try to stop and detect the attacks.

This course applies real-world offense and defense capabilities to truly paint the full picture of understanding how attacks happen today and how to best prevent them.

This course is brand new and the first time we've ever given it. The course is completely fresh and contains all of the latest pentester methods as well as unreleased methods for detecting attacks.

Day 1 Outline

  • Introduction to Attacker Techniques
  • Common Methods for Exploitation
  • Methods for Persistence and Evasion
  • Lateral Movement and Pivoting
  • Circumventing Security Defenses
  • Understanding Attacker Mindsets
  • Performing an adversarial simulation
  • Simulated Attack Scenario on Live Network (TRAINERS DEFENSE, STUDENTS OFFENSE)

Day 2 Outline

  • Developing a Common Defense
  • Introduction to Hunt Teaming
  • Performing a hunt team exercise
  • Tools, tricks, and free scripts!
  • Identifying threats on the network
  • Identifying threats on the endpoint
  • Using existing technology in the network
  • Special goodies
  • Defending the Network - Live Network Defense (STUDENTS DEFENSE, TRAINERS OFFENSE)

Who Should Take this Course

  • Penetration Testers
  • Blue Team Members
  • Hunt Teams

Student Requirements

Students can be from all different types of backgrounds and knowledge. Regardless if you are a penetration tester, or someone that focuses on defense - this course is for you. We heavily recommend at the minimum having basic systems administration experience - this will help you with hands on.

What Students Should Bring

  • Laptop with VMWare/Fusion or similar (VirtualBox is not recommended).

  • Kali Linux in a virtual machine (or primary OS)

  • OR Ubuntu (LTS) with PenTesters Framework already loaded and up-to-date (github.com/trustedsec/ptf).

  • Windows system (Windows 7+)

What Students Will Be Provided With

  • Electronic copies of all of the course material.
  • Custom scripts and techniques for both offense and defense


Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the social-engineer podcast and on a number of additional podcasts. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.