Advanced Windows Tradecraft

Course Description

Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need an advanced tradecraft. Such a tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you.

This training takes you through a tradecraft for Red Teaming a Windows environment with nothing but trusted OS resources and languages. We will cover multiple phases of a Red Team operation like initial foothold, enumeration, privilege escalation, persistence, lateral movement, exfiltration etc. in a fully updated and patched lab with countermeasures enabled.

Some of the topics covered in the class:

  • Offensive C#, PowerShell, Jscript/VBScript
  • Bypassing Application Whitelisting
  • Bypassing host countermeasures
  • Evading process tree based detection
  • Evading advanced logging (Command line, PowerShellv5, Sysmon etc.)
  • In-memory assembly and shellcode execution
  • Offensive WMI
  • COM hijacking
  • Advanced Client Side Attacks on restricted and secure environments
  • Local and domain privilege escalation

Attendees will get free one month access to a lab configured like an enterprise environment during and after the training.

Course contents

Day 1

  • Introduction to the methodology
  • Windows as an attack platform
  • Offensive PowerShell
  • PowerShell without powershell.exe
  • Offensive C#
  • Offensive Jscript/VBScript
  • Offensive WMI

Day 2

  • COM Hijacking
  • Bypassing application whitelisting
  • Bypassing host countermeasures
  • Evading process tree based detection
  • Evading advanced logging (Command line, PowerShellv5, Sysmon etc.)
  • Advanced Client Side Attacks in restricted environment (AWL and ASR enabled)

Day 3

  • Local and Domain privilege escalation
  • Persistence (on host, domain and forest)
  • Advanced Lateral Movement
  • Defenses and Detection


  • Prior experience with Red Teaming or penetration testing.
  • Prior experience with using Windows as an attack platform will be helpful.

System Requirements

  • System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. Privileges to disable/change any antivirus or firewall.

Trainer Biography

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defense strategies and post exploitation research. He has 10+ years of experience in Penetration Testing for his clients, which include many global corporate giants. He is also a member of Red teams of selected clients.
He specializes in assessing security risks at secure environments which require novel attack vectors and “out of the box” approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences. He has spoken/trained at conferences like DefCON, BlackHat, CanSecWest, BruCON, 44CON, Shakacon and more.
He blogs at

Twitter : @nikhil_mitt