Eric Stride, Kyle McCool - Red Team Tunneling, Pivoting, and Redirection by Deloitte - DCTLV2025
Name of Training: Red Team Tunneling, Pivoting, and Redirection by Deloitte
Trainer(s): Eric Stride and Kyle McCool
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $1,900
Course Description:
This Red Team Tunneling, Pivoting, and Redirection course provides participants with an understanding of how an attacker approaches the exploitation process. While gaining access to and once on the network, participants learn the techniques adversaries use to hide from detection and gain access to multiple different private networks by creating tunnels and pivots. This course provides participants with a baseline understanding of the tactics, techniques, and procedures an attacker uses to gain access to a network and pivot to different hosts. These concepts are then expanded through labs and lectures to provide a deeper understanding of exploitation and tunneling.
*Students will receive 6 months of access to our virtual lab environment to continue practicing the concepts they are taught in this course.
Course Outline:
- Introduction: Class Introduction
- Lesson 1: Exploit Methodology
- Review a common methodology attackers use to gain access to systems
- Identify footprinting techniques
- Identify active scanning techniques
- Identify detailed network and host discovery methods
- Use network visualization techniques to identify potential vulnerabilities
- Identify techniques used to gain network access
- Identify techniques used to gain elevated access to resources
- Identify goals once access is gained
- Lesson 2: Introduction to Tunneling
- Tunneling use case
- Standard redirectors
- Exercise 1 - DNS and ICMP Tunneling
- What is TOR?
- SSH tunneling
- Exercise 2 – SSH Tunnel
- Tunneling use case
- Lesson 3: Metasploit Framework
- Describe the advantages of using Metasploit
- Identify Metasploit folder structure and content
- Identify the main script used to launch the framework
- Interact with the main interface to configure and execute the following:
- Exploits
- Payloads
- Auxiliary
- Exploits
- How to use the search functionality
- Exercise 3 – Metasploit Familiarization
- Exercise 4 – Metasploit Exploit and Post Modules
- Describe the advantages of using Metasploit
- Lesson 4: Exploitation Tunneling and Redirection
- Exploit systems through SSH tunnels
- Exploit systems through PortProxy redirections
- Use nmap through tunnels
- Configure a multi-handler for use in tunnels
- Metasploit post module selection/configuration
- Exercise 5 – Exploitation Tunneling
- Exercise 6 – Tunneling Challenge
- Exercise 7 – Tunneling Playground
- Exploit systems through SSH tunnels
Difficulty Level:
Intermediate
Suggested Prerequisites:
There are no prerequisites for this class, but having some experience with Metasploit would be beneficial.
What Students Should Bring:
Participants will need to bring their own device with a modern web browser / keyboard.
Trainer(s) Bio:
Kyle is a senior Detect & Respond Cyber Threat Intelligence Analyst and Cyber Instructor with over ten years of experience in Cyber Threat Intelligence and Intelligence Analysis. He is a US Army veteran serving with the Special Operations Command, National Security Agency, and the United States Cyber Command where he specialized in intelligence, cyber operations, cyber training, and Geo-Political affairs as a Russian language and cultural expert. Kyle holds several industry certifications including GIAC Certified Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Security Essentials (GSEC), CompTIA Networking +, EC-Council Certified Threat Intelligence Analyst, and is a certified NSA Adjunct Faculty member.
Eric is a Specialist Executive at Deloitte. He is recognized for eminence in offensive cyber operations (OCO) for the US military, and cyber defense capability development & security operations in the commercial sector. Previously as an independent consultant, he advised clients on cybersecurity technology, operations, & management. Prior roles include CTO, overseeing cybersecurity service delivery to clients, and SVP, leading R&D. He has 22 yrs experience in Defense, Security, & Justice (DS&J). 12 yrs active duty USAF, with 5 at NSA. He supported highly technical cyber ops at USAF, NSA, & US Cyber Command. At the USAF, he established the 1st regional cyber combat msn team; commanded an OCO unit & a DCO Sq; served as OCO SME to the acquisition office; co-authored the 1st weapons & tactics manual addressing OCO; was the 1st OCO evaluator at the NAF level. At NSA, he worked dev & ops; a CNODP alum; was deputy chief of cyber ops at NSA-Georgia. He currently serves part-time as a Reserve Colonel, supporting the 67th Cyberspace Wing.
Deloitte is recognized as a global leader in Security Consulting, Cybersecurity Incident Response Services, Managed Cloud Services, and Strategic Risk Management Consulting. Deloitte is considered one of the “Big Four” accounting firms and is the largest professional services organization in the world.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]