Red Team Fundamentals
Red Team Fundamentals: staged credential abuse
Introduces staged privilege paths using enterprise client-style directories, emphasizing reconciliation checkpoints after each simulated pivot.
Description
You will rotate through attacker, operator, and scribe seats so everyone practices stakeholder sign-off language. Scenarios include help-desk token replay and hardened workstation bypass attempts that fail gracefully when quality standards block them.
Features
- Rotating seat chart with explicit RACI overlays
- Secure-storage integration patterns for short-lived tokens in the lab
- Voice coaching on describing blast radius without alarmist phrasing
- Mini tabletop on incident records hygiene after simulated lateral movement
- Optional evening clinic on Kerberos ticket anomalies
Outcomes
- Draft a three-step escalation email that cites observed behavior, not speculation
- Configure a lab-only jump host with session recording enabled
- List two reconciliation actions defenders should take after each pivot
FAQ
Is this only for offensive folks?
Defenders benefit equally; several exercises require a blue-team counterpoint to continue.
Physical requirements?
Expect long seated sessions; we provide standing desks on request if inventory allows.
What hardware is excluded?
We do not ship YubiKeys; bring your own hardware tokens if you want to test personal workflows.
Participant notes
The staged credential storyline referenced the same RACI language our risk coverage partners expect, which made the dry-run review feel grounded.
— Priya Nandakumar , Detection engineer