John Stigerwalt - Advanced Red Team Operations Certification by White Knight Labs - DCTLV2025

Name of Training: Advanced Red Team Operations Certification by White Knight Labs
Trainer(s): John Stigerwalt
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,200

Course Description: 

White Knight Lab’s Advanced Red Team Operations (ARTO) course is meant to fill in the gaps for senior penetration testers who want to pivot into conducting red team operations against mature enterprise environments. Students will be given a Terraform script that spins up their dedicated lab environment to which they have lifetime access. Students will go through purchasing domains to simulate deploying their red team attack infrastructure. WKL's instructors will go in-depth regarding using CDNs in GCP, AWS, and Azure for redirectors. At the end of the course, students can test their knowledge by taking the Advanced Red Team Operation Certification exam. In this rigorous, hands-on 48-hour exam, students must gain Domain Admin control over the stigs-corp.local network and accomplish various objectives.

Course Outline: 

We will start with a brief introduction to the course and the objectives, explain and consequently demonstrate the objectives and concepts associated with 18 labs that will be used to simulate a real-world red team operation from the preparation phase to the post-exploitation phase and completing the objectives which cover the following areas:

• Cobalt Strike Setup: Learn to set up and configure Cobalt Strike or Havoc as your C2 server, simulating a real-world red team operation

• Building and Managing Redirectors: Use cloud-based services like AWS Lambda, Azure CDN, and GCP CDN to manage redirectors and evade detection

• Cloud-Based C2 Techniques: Deploy cloud infrastructure using Terraform to manage C2 channels and execute sophisticated attacks.

• Operational Tactics: Learn advanced tactics, from vulnerability identification to privilege escalation, and gain administrative domain control

• Simulated Attack Path: Engage in a simulated attack against the stigs-corp.local network, gaining domain admin, and testing against next-generation EDR

Difficulty Level:

Advanced

This is an advanced-level course. A background in current red teaming techniques, C2 framework usage, post-exploitation, and deploying attack infrastructure in the cloud would be helpful but not required.

Suggested Prerequisites:

• Basic understanding of Windows and Linux operating systems, networking, and scripting.

• Basic understanding of Terraform, Python, and PowerShell.

• Basic knowledge of Command and Control (C2) frameworks.

What Students Should Bring: 

• Students must have an AWS admin account with programmatic access (keys) to deploy the Terraform script.

• Students interested in exploring the Azure and GCP portions of the course will also need admin accounts in those CSPs. Students should have a laptop with at least 16GB of RAM.

Trainer(s) Bio:

John Stigerwalt has worked as a blue teamer, vCISO, developer, senior penetration tester, and red team lead. John served as the F-Secure red team lead for the western hemisphere. He has led long‐term red team engagements in highly complex Fortune 500 companies. He has worked together with Microsoft to increase kernel security for the Windows operating system. He has led training at BlackHat, DerbyCon, and Wild West Hackin’ Fest. He is the author of WKL’s Advanced Red Team Operations course (ARTO). John has the following certifications: OSCP, OSCE, CRTP (Certified Red Team Professional), CRTE (Certified Red Team Expert), and SLAE (Assembly Language and Shellcoding). John is known as one of the most talented offensive cyber security experts in the world and can do whatever is asked of him on a computer.

Registration Terms and Conditions: 

Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

Trainings are non-refundable after July 8, 2025.

Training tickets may be transferred. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions.