Mastering breach and adversarial attack simulation engagements to validate cyber defenses - Abhijith "Abx" B R - DCTAC2025

Name of Training: Mastering breach and adversarial attack simulation engagements to validate cyber defenses
Trainer(s): Abhijith "Abx" B R
Dates: November 3-4, 2025
Time: 8:00 am to 5:00 pm 
Venue: TBD
Cost: $2,200

Course Description:

This hands-on training gives participants a better understanding of offensive security operations and of breach and adversary simulation engagements. The goal is to enable participants to simulate adversaries relevant to the industry in which their organization operates, covering both known and unknown threat actors.

Participants will learn to emulate various threat actors safely in a controlled, enterprise-level environment. In addition to understanding offensive tradecraft and TTPs, participants will gain critical insight into how adversaries operate, which directly supports the ability to test, validate, and improve their own organization's cyber defenses.

Performing such attack simulation engagements not only sharpens offensive skills but also enables defenders to proactively identify gaps, assess detection capabilities, and build more resilient security postures.

This training is designed to benefit both offensive and defensive security professionals. Offensive practitioners will enhance their red teaming and simulation planning expertise, while defensive professionals such as SOC analysts, detection engineers, and blue teamers will gain visibility into attacker behaviors, understand real-world evasion techniques, and learn how to harden their environments more effectively.

All machines in the lab environment will be equipped with AV, web proxies, EDR, and other defense systems. The training management platform will provide modules and videos for each attack vector used in the lab environment, alongside a step-by-step walkthrough of the attack paths. This ensures participants can correlate each attack technique with defensive telemetry and response opportunities.

Participants will also gain access to a breach simulation lab range, where they can perform a full red team attack simulation scenario in guided mode. Each step of the attack chain, from initial access to exfiltration, will be explained in depth along with the TTPs used, offering both offensive and defensive perspectives at each stage.

Course Outline:

1. Taking the first step: Understanding the fundamentals. [2 hours]

  • Introduction to offensive cyber security operations
  • Adversary emulation vs Adversary simulation
  • Assessing return on investment (ROI)
  • Breach and attack simulation (BAS)
  • Cyber threat intelligence, threat-informed defense
  • Cyber defense systems, blue teams and the importance of purple teaming
  • Frameworks and standards, MITRE ATT&CK matrix, Cyber Kill Chain
  • Evolution of threat-actors
  • Red teaming
  • Adversarial Exposure Validation

2. Introduction to adversary emulation engagements [4 hours]

  • Adversary emulation kickoff in your organization
  • Adversary emulation exercises
  • Collecting actionable cyber threat intelligence from public sources
  • Threat Report ATT&CK Mapper (TRAM)
  • Identifying and selecting TTPs to emulate, building an emulation plan
  • Performing and executing adversary emulation engagements to test cyber defenses
  • Testing endpoint security controls with adversary emulation techniques
  • Open-source projects for effective emulation of threats
  • Adversary emulation - Atomic Red Team
    • Executing Atomic Red Team tests
  • Adversary emulation - MITRE Caldera project
    • Getting started with Caldera
    • Deploying Caldera in your organization's environment; emulating threat actors, including a few known threat actors, with Caldera
  • ATT&CK Navigator
  • Using VECTR for generating reports and documentation
  • Using AI/GPT systems for practical, threat-intel-driven adversary emulation
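
The TTP-selection and plan-building step above, as an added worked example that is not part of the course material or any of the tools it names. It takes threat reports that have already been mapped to ATT&CK technique IDs (the kind of output TRAM produces), keeps the techniques cited by actors targeting your sector, sequences them along the kill chain, and emits a minimal ATT&CK Navigator layer. The three reports, the sector labels and the small technique catalogue are constructed; the technique IDs and names themselves are real ATT&CK identifiers. The Navigator layer is deliberately minimal and assumes you add whatever `versions` block your Navigator release expects before importing it.

```python
# Added example: building a prioritized emulation plan from ATT&CK-mapped threat intel.
# Not course material. Report data is constructed; technique IDs/names are real ATT&CK IDs.
from collections import Counter

# Constructed sample: three fictional threat reports, already mapped to ATT&CK technique
# IDs (as TRAM would produce), with the sector each actor targets.
REPORTS = {
    "report-A": {"sector": "finance", "techniques": ["T1566.001", "T1059.001", "T1003.001", "T1021.002", "T1486"]},
    "report-B": {"sector": "finance", "techniques": ["T1566.001", "T1059.001", "T1055", "T1021.002", "T1048"]},
    "report-C": {"sector": "energy", "techniques": ["T1190", "T1059.003", "T1003.001", "T1570", "T1486"]},
}

# Kill-chain order used to sequence the plan (a subset of the ATT&CK enterprise tactics).
TACTIC_ORDER = ["initial-access", "execution", "privilege-escalation", "defense-evasion",
                "credential-access", "lateral-movement", "exfiltration", "impact"]

# Constructed catalogue: technique ID -> (tactic used for sequencing, ATT&CK name).
CATALOGUE = {
    "T1566.001": ("initial-access", "Spearphishing Attachment"),
    "T1190": ("initial-access", "Exploit Public-Facing Application"),
    "T1059.001": ("execution", "PowerShell"),
    "T1059.003": ("execution", "Windows Command Shell"),
    "T1055": ("defense-evasion", "Process Injection"),
    "T1003.001": ("credential-access", "LSASS Memory"),
    "T1021.002": ("lateral-movement", "SMB/Windows Admin Shares"),
    "T1570": ("lateral-movement", "Lateral Tool Transfer"),
    "T1048": ("exfiltration", "Exfiltration Over Alternative Protocol"),
    "T1486": ("impact", "Data Encrypted for Impact"),
}


def select_techniques(reports, sector, min_sector_reports=1):
    """Pick techniques cited by at least `min_sector_reports` reports on actors that target
    `sector`. Returns (technique, sector_hits, total_hits) tuples, most-cited first, so the
    plan spends its time on the TTPs the organization is actually likely to face."""
    total = Counter(t for r in reports.values() for t in r["techniques"])
    in_sector = Counter(t for r in reports.values() if r["sector"] == sector for t in r["techniques"])
    chosen = [(t, n, total[t]) for t, n in in_sector.items() if n >= min_sector_reports]
    chosen.sort(key=lambda x: (-x[1], -x[2], x[0]))  # ties broken by ID for stable output
    return chosen


def build_plan(selected, catalogue=CATALOGUE):
    """Sequence the selected techniques along the kill chain so they run as one attack path
    rather than as isolated tests. IDs missing from the catalogue are returned separately
    so nothing silently drops out of scope."""
    plan, unknown = [], []
    for tid, sector_hits, total_hits in selected:
        if tid not in catalogue:
            unknown.append(tid)
            continue
        tactic, name = catalogue[tid]
        plan.append({"technique": tid, "name": name, "tactic": tactic,
                     "sector_reports": sector_hits, "all_reports": total_hits})
    plan.sort(key=lambda s: (TACTIC_ORDER.index(s["tactic"]), -s["sector_reports"], s["technique"]))
    return plan, unknown


def navigator_layer(plan, name):
    """Minimal ATT&CK Navigator layer: score = number of sector reports citing the technique,
    so the plan can be shown as a heat map. Assumption: add the 'versions' block your
    Navigator release expects before importing the JSON."""
    return {"name": name, "domain": "enterprise-attack",
            "techniques": [{"techniqueID": s["technique"], "score": s["sector_reports"],
                            "comment": s["name"]} for s in plan]}


if __name__ == "__main__":
    plan, unknown = build_plan(select_techniques(REPORTS, "finance"))
    for step in plan:
        print(f'{step["tactic"]:<18} {step["technique"]:<10} {step["name"]} '
              f'(cited by {step["sector_reports"]} sector reports, {step["all_reports"]} overall)')
    print("not in catalogue:", unknown)
```

Raising `min_sector_reports` is the knob that trades breadth for relevance: with the constructed data, requiring two sector reports leaves only the phishing, PowerShell and admin-share techniques, which is a reasonable first emulation for a small team.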

3. Breach and adversary simulation [6 hours]

  • Introducing the breach and adversary simulation range lab environment
  • Adversary and red team infrastructure
    • Building efficient adversary infrastructure: an overview of building production-ready red team infrastructure to bypass, and thereby validate, the defenses of your organization
  • Breach simulation lab infrastructure guided walkthrough
    • The lab is a replica of an enterprise environment, including its security controls. Each phase of the attack path in the red team lab is demonstrated as a guided lab walkthrough:
    • Command and control (C2), gaining initial access to the environment, persistence and privilege escalation, defense evasion to execute payloads, credential harvesting, internal recon and discovery, lateral movement techniques, data collection and exfiltration channels
  • Along with the hands-on simulation range, the following modules are also covered: identifying security gaps and exploitation, Active Directory attacks, testing endpoint security controls, and simulating defense evasion techniques and tools (SysWhispers, AMSI bypass, process injection, shellcode loaders, P/Invoke and D/Invoke, direct syscalls, Hell's Gate)
  • Using adversary simulation to test and assess anti-virus systems, security control validation, simulating data exfiltration, reporting, and correlation with SIEM systems
  • Incident response plans and validating them with adversary simulation exercises

4. Ransomware emulation [1 hour]

  • Emulating ransomware in a controlled environment; custom-built ransomware simulation for assessing endpoint security controls and defense systems
  • APT simulation
  • Assessing the ROI of cyber security and defense products with ransomware emulation
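
A controlled, reversible ransomware emulation of the kind this module describes, as an added example that is not the course's or BreachSimRange's code. It produces the behaviours endpoint controls are expected to catch (a burst of file reads, encrypted-copy creation, deletion of originals, an extension change and a dropped note) while staying safe: it refuses to touch anything outside a subdirectory of the OS temp directory, keeps the key, and can undo its own work. The note file name, the `.locked` suffix, the sample files and the HMAC-SHA256 counter-mode keystream are all assumptions for the example; the keystream is chosen because XOR with it is its own inverse, not as a production cipher.

```python
# Added example: a reversible ransomware emulation harness for exercising endpoint controls.
# Not from the course or BreachSimRange; note name, suffix and sample files are assumptions.
# It only ever touches a directory *inside* the OS temp directory and keeps the key, so
# every run can be rolled back with restore().
import hashlib
import hmac
import secrets
import tempfile
from pathlib import Path

NOTE_NAME = "README_RESTORE.txt"   # assumed ransom-note file name
LOCKED_SUFFIX = ".locked"          # assumed extension appended to encrypted files
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. XOR with it is its own inverse, which is what makes the
    emulation reversible; it is an illustration, not a production cipher."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def _checked_scope(scope) -> Path:
    """Safety rail: refuse anything that is not a proper subdirectory of the OS temp
    directory (the temp directory itself included), so a typo cannot encrypt real data."""
    scope = Path(scope).resolve()
    tmp_root = Path(tempfile.gettempdir()).resolve()
    if tmp_root not in scope.parents:
        raise ValueError(f"refusing to run outside {tmp_root}: {scope}")
    return scope


def simulate(scope, key: bytes, max_files: int = 50) -> list:
    """Encrypt every regular file under `scope` into <name>.locked, delete the original and
    drop a note. Create-then-delete (rather than overwriting in place) is one of the two
    patterns real families use; it gives EDR a burst of file-create and file-delete events
    plus an extension change to detect. Returns the encrypted paths written."""
    scope = _checked_scope(scope)
    touched = []
    for path in sorted(p for p in scope.rglob("*") if p.is_file()):
        if path.name == NOTE_NAME or path.name.endswith(LOCKED_SUFFIX):
            continue                 # idempotent: never double-encrypt or eat the note
        if len(touched) >= max_files:
            break                    # throttle: enough to trip a rate-based rule, no more
        nonce = secrets.token_bytes(NONCE_LEN)
        data = path.read_bytes()
        locked = path.with_name(path.name + LOCKED_SUFFIX)
        locked.write_bytes(nonce + _xor(data, _keystream(key, nonce, len(data))))
        path.unlink()
        touched.append(locked)
    (scope / NOTE_NAME).write_text(
        "Ransomware EMULATION. Files were renamed to *.locked by an authorised exercise; "
        "the operator holds the key and will run restore().\n")
    return touched


def restore(scope, key: bytes) -> int:
    """Undo simulate(): decrypt every *.locked file back to its original name."""
    scope = _checked_scope(scope)
    count = 0
    for locked in sorted(p for p in scope.rglob("*" + LOCKED_SUFFIX) if p.is_file()):
        original_name = locked.name[: -len(LOCKED_SUFFIX)]
        if not original_name:
            continue
        blob = locked.read_bytes()
        nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
        locked.with_name(original_name).write_bytes(
            _xor(ciphertext, _keystream(key, nonce, len(ciphertext))))
        locked.unlink()
        count += 1
    note = scope / NOTE_NAME
    if note.exists():
        note.unlink()
    return count


def make_sample_scope() -> Path:
    """Constructed target: a fresh temp directory with a few files standing in for a share."""
    scope = Path(tempfile.mkdtemp(prefix="ransim-"))
    (scope / "finance.xlsx").write_bytes(b"quarterly numbers")
    (scope / "sub").mkdir()
    (scope / "sub" / "backup.bin").write_bytes(bytes(range(256)))
    (scope / "empty.txt").write_bytes(b"")
    return scope


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    target = make_sample_scope()
    print("locked:", [p.name for p in simulate(target, key)])
    print("restored:", restore(target, key))
```

When used against an EDR, run it as an unprivileged user on a canary share you populated yourself, record the key out of band before the run, and score the product on what it blocked, what it alerted on, and whether it surfaced the note drop and the rename burst, not just on whether the process was killed.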

5. Cyber defense teams: Launching your first purple teaming exercise [3 hours]

  • Connecting all the dots from the previous modules to perform a purple team engagement
  • Frameworks, standards, and prerequisites
  • Carrying out a purple team engagement in your organization
    • Planning, execution, collaborative analysis, detection engineering, reporting and presentation
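
The collaborative-analysis and detection-engineering step of a purple team engagement, and the SIEM-correlation point from the breach simulation module, as one added worked example that is not part of the course material. It joins the red team's execution log against the SIEM's alerts and the raw endpoint telemetry, classifies every emulated step as prevented, prevented-silent, detected, logged or missed, and turns the result into a prioritised detection-engineering backlog. Every record below is constructed, the field names are assumptions, and the ten-minute detection window is an assumption you would tune to your SOC's expectations.

```python
# Added example: scoring a purple team run by joining the red team's execution log against
# SIEM alerts and raw telemetry. Not course material; all records are constructed and the
# 10-minute detection window is an assumption.
from collections import Counter
from datetime import datetime, timedelta

DEFAULT_WINDOW_MINUTES = 10   # assumption: an alert counts only if it fires within 10 minutes

# Red team execution log (constructed): one row per emulated step, in kill-chain order.
EXECUTIONS = [
    {"step": 1, "technique": "T1566.001", "tactic": "initial-access", "host": "WS01", "time": "2025-11-04T09:00:00", "blocked": False},
    {"step": 2, "technique": "T1059.001", "tactic": "execution", "host": "WS01", "time": "2025-11-04T09:02:00", "blocked": False},
    {"step": 3, "technique": "T1003.001", "tactic": "credential-access", "host": "WS01", "time": "2025-11-04T09:10:00", "blocked": True},
    {"step": 4, "technique": "T1021.002", "tactic": "lateral-movement", "host": "SRV01", "time": "2025-11-04T09:20:00", "blocked": False},
    {"step": 5, "technique": "T1048", "tactic": "exfiltration", "host": "SRV01", "time": "2025-11-04T09:40:00", "blocked": False},
]
# Analyst-facing SIEM alerts (constructed). One fires far too late, one on the wrong host.
ALERTS = [
    {"rule": "Suspicious encoded PowerShell", "technique": "T1059.001", "host": "WS01", "time": "2025-11-04T09:02:30"},
    {"rule": "Admin share access from workstation", "technique": "T1021.002", "host": "SRV01", "time": "2025-11-04T11:00:00"},
    {"rule": "Unusual outbound DNS volume", "technique": "T1048", "host": "WS01", "time": "2025-11-04T09:41:00"},
]
# Raw EDR/Sysmon telemetry tagged with the technique it evidences (constructed).
TELEMETRY = [
    {"event": "FileCreate", "technique": "T1566.001", "host": "WS01", "time": "2025-11-04T09:00:10"},
    {"event": "ProcessCreate", "technique": "T1059.001", "host": "WS01", "time": "2025-11-04T09:02:01"},
    {"event": "ProcessAccess", "technique": "T1003.001", "host": "WS01", "time": "2025-11-04T09:10:01"},
    {"event": "NetworkConnect", "technique": "T1021.002", "host": "SRV01", "time": "2025-11-04T09:20:05"},
]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def _matches(events, step, window_minutes):
    """Events on the same host for the same technique, timestamped at or after the step and
    inside the window. The host join is deliberate: an alert on another machine is not a
    detection of this step, however similar the rule name looks."""
    start = _ts(step["time"])
    end = start + timedelta(minutes=window_minutes)
    return [e for e in events
            if e["technique"] == step["technique"] and e["host"] == step["host"]
            and start <= _ts(e["time"]) <= end]


def score_step(step, alerts, telemetry, window_minutes=DEFAULT_WINDOW_MINUTES) -> str:
    """Classify one step. 'prevented-silent' is separated out because a control that blocks
    without alerting hides the attempt from the SOC."""
    alerted = bool(_matches(alerts, step, window_minutes))
    if step["blocked"]:
        return "prevented" if alerted else "prevented-silent"
    if alerted:
        return "detected"
    if _matches(telemetry, step, window_minutes):
        return "logged"          # evidence exists, but no rule turned it into an alert
    return "missed"              # no telemetry at all: a collection gap, not just a rule gap


def score_run(executions, alerts, telemetry, window_minutes=DEFAULT_WINDOW_MINUTES):
    return [{**step, "outcome": score_step(step, alerts, telemetry, window_minutes)}
            for step in executions]


def summary(results) -> dict:
    return dict(Counter(r["outcome"] for r in results))


def detection_backlog(results):
    """Work items for detection engineering, worst first: missed needs new telemetry,
    logged needs a rule, prevented-silent needs the control's block events surfaced."""
    priority = {"missed": 0, "logged": 1, "prevented-silent": 2}
    items = [r for r in results if r["outcome"] in priority]
    items.sort(key=lambda r: (priority[r["outcome"]], r["step"]))
    return [(r["technique"], r["tactic"], r["outcome"]) for r in items]


if __name__ == "__main__":
    results = score_run(EXECUTIONS, ALERTS, TELEMETRY)
    for r in results:
        print(f'step {r["step"]} {r["technique"]:<10} {r["tactic"]:<18} {r["outcome"]}')
    print(summary(results))
    print("backlog:", detection_backlog(results))
```

The late admin-share alert is the case worth discussing in the collaborative-analysis session: widening the window to two hours turns that step from "logged" into "detected", which is a true statement about the rule and a misleading one about the SOC's ability to respond before lateral movement finishes, so the window should be agreed with the blue team before the run rather than adjusted after it.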

6. Capture the flag competition and badges

  • CTF competition for the participants and digital badges

Difficulty Level:

Intermediate to advanced

Suggested Prerequisites:

Basic understanding of offensive security tradecraft and adversary emulation

What Students Should Bring: 

A Windows or Linux laptop with at least 8 GB of RAM, and Internet access

Trainer(s) Bio:

Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive cyber security specialist, red team consultant, security researcher, trainer and public speaker.

Currently, he is building BreachSimRange.io as founder and director, and is involved with multiple organizations as a consulting specialist, helping them build offensive security operations programs, improve their security posture, assess cyber defense systems, and bridge the gap between business leadership and security professionals.

Abhijith was responsible for building and managing offensive security operations and adversary simulation for a prominent FinTech company called Envestnet, Inc. In the past, he held the position of Deputy Manager - Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a Senior Security Analyst at EY.

As the founder of Adversary Village (https://adversaryvillage.org/), Abhijith spearheads a community initiative focused on adversary simulation, adversary-tactics, purple teaming, threat actor/ransomware research-emulation, and offensive cyber security. Adversary Village is part of DEF CON Villages and organizes hacking villages at prominent events such as the DEF CON Hacking Conference, RSA Conference etc.

Abx also acts as the lead of an official DEF CON Group, DC0471. He leads the Tactical Adversary project (https://tacticaladversary.io/), a personal initiative centered on offensive cyber security, adversary attack simulation and red teaming tradecraft.

Abhijith has spoken at various hacking and cyber security conferences, including the DEF CON hacker convention (Las Vegas), RSA Conference (San Francisco), The Diana Initiative (Las Vegas), DEF CON 28 Safe Mode (DCG Village), Open Source India, Security BSides Las Vegas, BSides San Francisco, BSides Tampa, Hack Space Con (Kennedy Space Center, Florida), Nullcon (Goa), c0c0n (Kerala) and BSides Delhi.

Registration Terms and Conditions: 

Trainings are refundable before October 2, 2025, minus a non-refundable processing fee of $250.

Trainings are non-refundable after October 2, 2025.

Training tickets may be transferred. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions.
