Eric Stride, Kyle McCool - Red Team Tunneling, Pivoting, and Redirection by Deloitte - DCTLV2025

Name of Training: Red Team Tunneling, Pivoting, and Redirection by Deloitte
Trainer(s): Eric Stride and Kyle McCool
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $1,900

Course Description: 

This Red Team Tunneling, Pivoting, and Redirection course provides participants with an understanding of how an attacker approaches the exploitation process. While gaining access to and once on the network, participants learn the techniques adversaries use to hide from detection and gain access to multiple different private networks by creating tunnels and pivots. This course provides participants with a baseline understanding of the tactics, techniques, and procedures an attacker uses to gain access to a network and pivot to different hosts. These concepts are then expanded through labs and lectures to provide a deeper understanding of exploitation and tunneling.

*Students will receive 6 months of access to our virtual lab environment to continue practicing the concepts they are taught in this course.

Course Outline:

1. Introduction: Class Introduction
2. Lesson 1: Exploit Methodology 
   1. Review a common methodology attackers use to gain access to systems
   2. Identify footprinting techniques
   3. Identify active scanning techniques
   4. Identify detailed network and host discovery methods
      
   5. Use network visualization techniques to identify potential vulnerabilities
      
   6. Identify techniques used to gain network access
      
   7. Identify techniques used to gain elevated access to resources
      
   8. Identify goals once access is gained
      
3. Lesson 2: Introduction to Tunneling 
   
   1. Tunneling use case
      
   2. Standard redirectors
      
   3. Exercise 1 - DNS and ICMP Tunneling 
      
   4. What is TOR?
      
   5. SSH tunneling
      
   6. Exercise 2 – SSH Tunnel 
      
4. Lesson 3: Metasploit Framework 
   
   1. Describe the advantages of using Metasploit
      
   2. Identify Metasploit folder structure and content
      
   3. Identify the main script used to launch the framework
      
   4. Interact with the main interface to configure and execute the following:
      
      1. Exploits
         
      2. Payloads
         
      3. Auxiliary
         
   5. How to use the search functionality
      
   6. Exercise 3 – Metasploit Familiarization 
      
   7. Exercise 4 – Metasploit Exploit and Post Modules 
      
5. Lesson 4: Exploitation Tunneling and Redirection 
   
   1. Exploit systems through SSH tunnels
      
   2. Exploit systems through PortProxy redirections
      
   3. Use nmap through tunnels
      
   4. Configure a multi-handler for use in tunnels
      
   5. Metasploit post module selection/configuration
      
   6. Exercise 5 – Exploitation Tunneling 
      
   7. Exercise 6 – Tunneling Challenge 
      
   8. Exercise 7 – Tunneling Playground 
      

Difficulty Level:

Intermediate

Suggested Prerequisites:

There are no prerequisites for this class, but having some experience with Metasploit would be beneficial.

What Students Should Bring: 

Participants will need to bring their own device with a modern web browser / keyboard.

Trainer(s) Bio:

Kyle is a senior Detect & Respond Cyber Threat Intelligence Analyst and Cyber Instructor with over ten years of experience in Cyber Threat Intelligence and Intelligence Analysis. He is a US Army veteran serving with the Special Operations Command, National Security Agency, and the United States Cyber Command where he specialized in intelligence, cyber operations, cyber training, and Geo-Political affairs as a Russian language and cultural expert. Kyle holds several industry certifications including GIAC Certified Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Security Essentials (GSEC), CompTIA Networking +, EC-Council Certified Threat Intelligence Analyst, and is a certified NSA Adjunct Faculty member.

Eric is a Specialist Executive at Deloitte. He is recognized for eminence in offensive cyber operations (OCO) for the US military, and cyber defense capability development & security operations in the commercial sector. Previously as an independent consultant, he advised clients on cybersecurity technology, operations, & management. Prior roles include CTO, overseeing cybersecurity service delivery to clients, and SVP, leading R&D. He has 22 yrs experience in Defense, Security, & Justice (DS&J). 12 yrs active duty USAF, with 5 at NSA. He supported highly technical cyber ops at USAF, NSA, & US Cyber Command. At the USAF, he established the 1st regional cyber combat msn team; commanded an OCO unit & a DCO Sq; served as OCO SME to the acquisition office; co-authored the 1st weapons & tactics manual addressing OCO; was the 1st OCO evaluator at the NAF level. At NSA, he worked dev & ops; a CNODP alum; was deputy chief of cyber ops at NSA-Georgia. He currently serves part-time as a Reserve Colonel, supporting the 67th Cyberspace Wing.

Deloitte is recognized as a global leader in Security Consulting, Cybersecurity Incident Response Services, Managed Cloud Services, and Strategic Risk Management Consulting. Deloitte is considered one of the “Big Four” accounting firms and is the largest professional services organization in the world.

Registration Terms and Conditions: 

Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

Trainings are non-refundable after July 8, 2025.

Training tickets may be transferred. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions.