Adaptive Red Team Tactics

Veris Group | August 4-5

On This Page


Advanced attackers are able to infiltrate, move silently through networks and exfiltrate vast amounts of data, causing devastating effects to many organizations. Emulation of these threats through red team operations is the best method of assessing the true risk that advanced adversaries present to the enterprise. Adaptive Red Team Tactics is the course for you to expand your penetration testing skillset with threat emulation tactics in order to effectively execute full Red Team exercises. This immersive course builds on the operational techniques presented in Veris Group’s Adaptive Penetration Testing course, teaching participants how to evade network defenses and security controls, identify high-value targets, infiltrate an organization’s network, and demonstrate risk through data mining and exfiltration. Participants will spend the majority of this course using the techniques they learn to attack an operational, high-security enterprise network.

Red Team tactics often involve utilizing common penetration testing and administrative tools in different, more advanced ways. In addition, the use of specialized Red Team toolsets, such as Cobalt Strike (, enables more advanced threat emulation activities. Participants with use Cobalt Strike and custom open-source software, such as the Veil Framework, to deliver customized payloads, bypass security controls through cutting-edge evasion techniques and conduct advanced post-exploitation activities. Using these tools and techniques, participants will learn how to demonstrate the capabilities of the enemy, which for years have been only available to specialized, highly funded, Red Teams.

At the conclusion of the course, participants will be able to:

• Avoid detection through stealthy reconnaissance and move silently through a network
• Create highly targeted attacks to gain entry into a network
• Bypass common security controls such as Firewalls, IDS sensors, and Anti-Virus programs
• Employ Red Team tactics via practice in attacking an enterprise network with the full range of defensive capabilities (detection and active response)
• Demonstrate the impact of attacks by advanced threat actors
• Reference an electronic PDF job aid, complete with navigation, during actual assessments
• Further practice emulating advanced threats in their enterprises with a free 21-day trial version of Cobalt Strike

Who Should Take This Course

Participants should have previous penetration testing training and/or experience with penetration testing tools and techniques. This includes conducting information gathering, completing network enumeration, launching exploits, conducting privilege escalation, gathering post-exploitation information, and developing network foothold activities. Participants are encouraged to attend Veris Group’s Adaptive Penetration Testing course first, as this course builds on the topics presented there.

What Students Should Bring

A custom version of the latest Kali Linux image will be provided to participants - all exercises will be able to be performed from this virtual machine. Participants will need to bring their own laptop with:

• Wired network adapter
• 4GBs of RAM
• Ability to run a virtual machine (VMWare Player, Workstation, Fusion)


David McGuire is the Director of Penetration Testing Services at Veris Group, where he leads penetration testing and Red Team efforts for Fortune 500 commercial clients and major U.S. Government agencies. In addition, he specializes in building penetration testing / red team programs, methodologies and techniques. David has extensive experience in conducting large scale, highly specialized and technically difficult network penetration tests and adversarial network operations. In addition, he has spent several years training participants from various disciplines in red team operations and penetration testing methodologies, including at major industry conferences such as the Black Hat. In his previous life, David was the senior technical lead the National Security Agency Red Team, providing mission planning and direction through numerous large scale operations. David has a Bachelor's Degree in Computer Information Technology and is a CREST Certified Infrastructure Tester, GIAC Certified Penetration Tester, GIAC Certified Web Application Penetration Tester and an Offensive Security Certified Professional.

Chris Truncer is a penetration testing lead at Veris Group, LLC, where he leads a variety of penetration tests and red team exercises for Federal and commercial customers. His specialties include penetration testing post-exploitation, specialized technical vulnerability assessments and developing focused training for specific aspects of security assessments. Chris is a developer of the Veil Framework, an open-source Red Team toolsuite. Additionally, Chris specializes in developing custom lab environments for training on real world penetration testing scenarios and he has designed various security conference Capture the Flag events. Chris has a Bachelor's degree in Information Technology and is an Offensive Security Certified Professional, GIAC Certified Web Application Penetration Tester and Offensive Security Wireless Professional.

Will Schroeder is a research lead and red teamer for Veris Group’s Adaptive Threat Division, where he performs a variety of offensive services, including penetration testing and red team engagements for federal agencies and private sector companies. His expertise includes anti-virus evasion, threat replication, post-exploitation, Cortana attack scripting, and offensive Powershell development. Will is a developer of the Veil-Framework and has presented at a variety of security conferences including Shmooon, Defcon, and several Security BSides conferences. He has a strong computer science and security background, having worked at two of the leading cybersecurity research labs in the country, Sandia National Labs and SEI/CERT. Will holds a Masters in Information Security from Carnegie Mellon University, is an Offensive Security Certified Professional (OSCP) and an Offensive Security Certified Expert (OSCE).