Mastering breach and adversarial attack simulation engagements to validate cyber defenses - Abhijith "Abx" B R - DCTAC2025
Name of Training: Mastering breach and adversarial attack simulation engagements to validate cyber defenses
Trainer(s): Abhijith "Abx" B R
Dates: November 3-4, 2025
Time: 8:00 am to 5:00 pm
Venue: Exhibition World Bahrain
Cost: $2,200
Course Description:
The hands-on training has been created to provide the participants with a better understanding of offensive security operations, breach and adversary simulation engagements. The goal is to enable the participants to simulate adversaries based on the industry in which their organization operates covering both known and unknown threat actors.
Participants will learn to emulate various threat actors safely in a controlled, enterprise-level environment. In addition to understanding offensive tradecraft and TTPs, participants will gain critical insight into how adversaries operate, which directly supports the ability to test, validate, and improve their own organization's cyber defenses.
Performing such attack simulation engagements not only sharpens offensive skills but also enables defenders to proactively identify gaps, assess detection capabilities, and build more resilient security postures.
This training is designed to benefit both offensive and defensive security professionals. Offensive practitioners will enhance their red teaming and simulation planning expertise, while defensive professionals such as SOC analysts, detection engineers, and blue teamers will gain visibility into attacker behaviors, understand real-world evasion techniques, and learn how to harden their environments more effectively.
All machines in the lab environment will be equipped with AV, web proxies, EDR, and other defense systems. The training management platform will provide modules and videos for each attack vector used in the lab environment, alongside a step-by-step walkthrough of the attack paths. This ensures participants can correlate each attack technique with defensive telemetry and response opportunities.
Participants will also gain access to a breach simulation lab range, where they can perform a full red team attack simulation scenario in guided mode. Each step of the attack chain from initial access to exfiltration, will be explained in depth along with the TTPs used, offering both offensive and defensive perspectives at each stage.
Course Outline:
1. Taking the first step: Understanding the fundamentals. [2 hours]
- Introduction to offensive cyber security operations
- Adversary emulation vs Adversary simulation
- Assessing return on investments (ROI)
- Breach and attack simulation (BAS)
- Cyber threat intelligence, Threat-informed defense
- Cyber defense systems, blue teams and Importance of purple teaming
- Frameworks and standards, MITRE ATT&CK matrix, Cyber Kill chain
- Evolution of threat-actors
- Red teaming
- Adversarial Exposure Validation
2. Introduction to adversary emulation engagements [4 hours]
- Adversary emulation kickoff in your organization Adversary emulation exercises
- Collecting actionable cyber threat intelligence from public sources Threat Report ATT&CK Mapper (TRAM)
- Identifying and selecting TTPs to emulate, building an emulation plan
- Performing and executing adversary emulation engagements to test cyber defenses
- Testing endpoint security controls with adversary emulation techniques.
- Open-source projects for effective emulation of threats.
- Adversary emulation - atomic red team
- Executing atomic red team
- Adversary emulation - MITRE Caldera project
- Getting started with Caldera project
- Deploying caldera in your organization’s environment, Emulating threat-actors with Caldera and Emulating a few known threat-actors with Caldera
- ATT&CK Navigator
- Using VECTR for generating reports and documentation.
- Using AI/GPT systems of practical threat intel powered adversarial attack emulation
- Getting started with Caldera project
3. Breach and adversary simulation [6 hours]
- Introducing Breach and adversary simulation range lab environment
- Adversary and red team infrastructure
- Building efficient adversary infrastructure: This module will give an overview of building production ready red team infrastructure to bypass and validate the defenses of your organization.
- Building efficient adversary infrastructure: This module will give an overview of building production ready red team infrastructure to bypass and validate the defenses of your organization.
- Breach simulation lab infrastructure guided walkthrough
- The lab will have an exact replica of enterprise environment along with security controls. Each phase of the attack path in the red team lab will be demonstrated as a guided lab walkthrough.
-
Command and control (C2), Gaining initial access to the environment, Persistence and privilege escalation, Defense evasion to execute payloads, Credential harvesting, Internal recon and discovery, Lateral movement techniques, Data collection and exfiltration channels.
- The lab will have an exact replica of enterprise environment along with security controls. Each phase of the attack path in the red team lab will be demonstrated as a guided lab walkthrough.
- Along with the hands-on simulation range, the following modules will also be covered. Identifying security gaps and exploitation, Active Directory attacks, testing endpoint security controls, simulating defense evasion techniques and tools (SysWhispers, AMSI bypass, Process Injection, Shellcode loaders, P/D/Invoke, Syscall, Hells gate)
- Using adversary simulation to test and assess Anti-virus systems, security control validation, simulating data exfiltration, reporting and correlation with SIEM systems.
- Incident response plans and validating them with adversary simulation exercises
4. Ransomware emulation [1 hour]
- Emulating ransomware in a controlled environment, Custom build ransomware simulation for assessing endpoint security controls and defense systems.
- APT Simulation
- Assessing cyber security and defense products ROI with ransomware emulation.
5. Cyber defense teams: Launching your first purple teaming exercise [3 hours]
- Connecting all dots from the previous modules to perform a purple team engagements
- Frameworks, standards, and prerequisites
- Carrying out purple team engagement in your organization
- Planning, executing, collaborative analysis, Detection engineering Reporting and presentation.
6. Capture the flag competition and badges
- CTF competition for the participants and digital badges
Difficulty Level:
Intermediate to advanced
Suggested Prerequisites:
Basic understanding of offensive security tradecraft and adversary emulation
What Students Should Bring:
A Windows/Linux laptop with at least 8 GB of RAM, Access to Internet
Students will be provided with:
- Course material (PDF)
- Lab access, LMS access to lab guides
- Custom malware/ransomware simulation/loaders and payloads code samples
- Access to private code repositories
- Adversary simulation plans and playbooks
- Downloadable VM images for offline practice
- Detection engineering resources (Sigma rules, EQL/KQL queries)
- Reporting templates and sample reports
- Post-training reference toolkit and exercises (curated open-source tools and scripts)
- Certified breach and adversarial attack simulation specialist (CBAS) certification (Proficiency exam required)
- Digital badges and challenge coins (Proficiency exam required)
Trainer(s) Bio:
Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive cyber security specialist, red team consultant, security researcher, trainer and public speaker.
Currently, he is building BreachSimRange.io as a founder, director and involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, bridge the gap between business leadership and security professionals.
Abhijith was responsible for building and managing offensive security operations and adversary simulation for a prominent FinTech company called Envestnet, Inc. In the past, he held the position of Deputy Manager - Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a Senior Security Analyst at EY.
As the founder of Adversary Village (https://adversaryvillage.org/), Abhijith spearheads a community initiative focused on adversary simulation, adversary-tactics, purple teaming, threat actor/ransomware research-emulation, and offensive cyber security. Adversary Village is part of DEF CON Villages and organizes hacking villages at prominent events such as the DEF CON Hacking Conference, RSA Conference etc.
Abx also acts as the Lead of an official DEF CON Group named DC0471. He is actively involved in leading the Tactical Adversary project (https://tacticaladversary.io/) a personal initiative that centers around offensive cyber security, adversary attack simulation and red teaming tradecraft.
Abhijith has spoken at various hacking and cyber security conferences such as, DEF CON hacker convention - Las Vegas, RSA Conference - San Francisco, The Diana Initiative - Las Vegas, DEF CON 28 safemode - DCG Village, Opensource India, Security BSides Las Vegas, BSides San Francisco, BSides Tampa, Hack Space Con - Kennedy space center Florida, Nullcon - Goa, c0c0n - Kerala, BSides Delhi etc.
Proficiency Exam Option:
This course has the option for a proficiency certificate add-on.
Exam Format: Practical, hands-on lab assessment
Time Allowed: 90 minutes
Passing Criteria: Minimum 70% overall performance
Exam attempts: 2
Students are required to design and execute a custom, realistic attack simulation plan against a controlled enterprise lab with EDR, SIEM, AV, and other defenses. From a set of predefined offensive and red team scenarios, one must be selected and approved by the trainer for execution.
The exam is divided into three parts:
- Design and building: Build a real-world attack simulation plan using custom payloads and procedures. The plan must be submitted to and approved by the trainer before execution.
- Execution and correlation: Execute the adversary simulation plan, correlate SOC/EDR/SIEM telemetry, map detections, document gaps, and create custom rules for undetected techniques.
- Re-test and validation: Re-execute the attack with defensive improvements applied. At least 70% of the previously executed attacks must now be prevented to demonstrate improved detection and defensive capability.
The final report will be reviewed and assessed by the trainer against predefined scoring criteria. The objective of this exam is to ensure students can both attack and defend, validating defenses from an offensive perspective, closing detection gaps, and strengthening overall resilience. This training and proficiency exam confirms that students can carry out advanced breach simulations and strengthen organizational cyber defenses.
Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.
Registration Terms and Conditions:
Trainings are refundable before October 2, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after October 2, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.