
Review of CyberWarFare - Red Team Adversary Simulation Labs

These are my personal opinions based on my background and training experience.



Course Reviewed


Format:

This course is online.


Materials:

This course's materials included three PDFs (one PDF for each attack path) and an image file (which is labeled as: Atomic Nuclear Simulated Lab Infrastructure).


Class size:

I don't know how many students may have been in the lab at the time that I was there, or the maximum number of students possible per lab.


Environment

The lab environment is shared with other students. I think I saw indications that someone else was doing the lab, but the stuff I saw could also have been there by design.


Estimated cost:

At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)

15 Days $99.00 USD (discounted price)
30 Days $149.00 USD (discounted price)
45 Days $199.00 USD (discounted price)
90 Days $349.00 USD (discounted price)

About the Course:

This course will teach you three different attack methods to gain access to an environment and then move within a mixture of Linux and Windows machines inside Active Directory domains and forest. It also goes over pivoting through multiple Linux and Windows machines. These are some critical skills when performing a Red Team assessment.


My motivation:

I saw someone post a link to the website in a Facebook group that I am in, and I had exactly 15 days before an updated course that I had recently signed up for lab time started, plus, I had just gotten paid and had a little extra money to spend. I honestly didn't know what to expect with this course, but from reading the website it looked amazing.


My Review:

I signed up for 15 days on a whim, and once I got my confirmation e-mail, I asked to start as soon as possible.  When I got access to the course materials, I noticed three PDFs and an image file, plus my openvpn connection file. I opted to use the web connection instead of openvpn. So I quickly logged in to the web page, as per the e-mail instructions, and took a few moments to look around.

The setup is very similar to other courses I had recently taken, so it was familiar and easy to use.  From the start screen, I had access to both a Windows and a Linux box. So I connected to them and did some configuration checking.  That is about the point I realized I had no clue what I was doing.  I was at a loss of what to expect and where to go. And there didn't seem to be any hints in the setup of the machines.

At a loss of what I was supposed to do, I opened a PDF and happened to get the third path.  (Only saw it in the document title after I opened it.)  I went ahead and closed the third path, and went to the first path PDF and opened it.  I sort of expected a brief introduction, but what I found instead was a jump in the deep end.... and the enumeration was starting strong.  I stopped reading once I saw the first little bit, and I started doing my own thing.

Figuring it was kind of like a similar lab, I started working as I had in that lab, and it was pretty close at times.  I gathered some really cool information, and thought I had enough data to start working.  I went back to the lab machines, but couldn't find a path forward.  Now I was really confused because the hybrid real world and lab world weren't meshing up like I expected. And that was a good thing. If the course isn't forcing you to think, then it might be too easy. So I went back to the PDF and found that I had been treating this more like a lab exercise than a real world event.  So I did what was required, and got a path forward.

This was when I started to really like this course.  I liked it a lot, and I was pretty excited about what I had seen so far, and I was very happy with things as I progressed to the end, but at this point, the end was not in sight and the beginning was just about to start.

With enough information finally collected, I started forward doing my own things but falling back to the PDF as needed.  Since I was running on a 15 day setup (yes, I have another class starting at the end of the 15 days so time was pretty valuable), when I hit a point I couldn't figure out, I used the PDF and moved forward.  When I hit the solid brick wall toward the end of the first path, I used the PDF for step by step guidance.

I felt the first path was very real world like, and I had heard stories about similar type things happening on real world events. I was happy and moving forward without too many issues. There were a few times that I ran into issues, but I wasn't sure if that was because I was not following the guides step by step, or if there were some actual issues in the lab I had accidentally bumped into. So let me quickly address the two possibilities... if the issues were my own creation, no worries, they were super easy to figure out, but if the issues were something lab related, again, super easy to figure out and I am sure that an e-mail to support would have let me know either way, BUT, since I wasn't following the guides directly I opted to just move forward....

Along the first path, I was using my Windows box a lot, but noticed they moved back to the Linux box in the PDF. I continued forward with Windows because I was more comfortable using that.  I also noticed some techniques that I was using were a lot different than the PDF.  Both my method and the lab guide method were getting the same information, just with different techniques. I know at times I like to do things a specific way and consider it easier than another way, but I also realize that the next person might think my way is super hard and their way is easier. I also know the feeling of running a tried and true command and it failing and the panic to find an alternate method, so learn as many methods as you can.

As I said, toward the end of the first path, I started running into some things I haven't done in the real world.  I was familiar enough with the concepts and had used the technology in other ways, but for the way in the lab, I hadn't done it like that before.  So I was learning a few new commands and techniques. I expect there might be a day in the future where this information is more valuable than I had originally given it credit for, and having already experienced this, I will be better prepared.

As I reached the end point, I felt pretty happy and very satisfied with the labs to that point.  I figured the second path was going to be one step different and the rest the same.  I WAS WRONG!!!

I started on the second path, read a little of the PDF, jumped in, and then I realized, it was a lot more than I expected.  I had experience with the first few techniques from other labs, so that was a huge bonus for me.  By three machines in, I started having problems.  I really got confused and went to the PDF and got more confused than I was before. And then the trouble really hit.  I kept getting small bits of disconnects to the servers (the connection is over the internet and I was at a peak usage time so who knows where along the way that issue was), but then my VM started running slow, and things I thought should have worked just didn't. So I started troubleshooting, and couldn't find anything wrong in the lab environment, so I thought maybe a reboot of the Kali Linux machine would be a wise choice. I issued the reboot command, and lost connectivity. I tried to reconnect and nothing. So I waited a little while and tried again, but still nothing. I was in a little bit of a panic thinking I had killed the virtual machine ...

I contacted Support, let them know what was going on, and they resolved my lab problems really quickly. They let me know they had taken steps to make sure the issue didn't return, and followed up with me later to ensure that the problem was resolved and had not returned. Excellent service!

I still had some internet connection issues, but they didn't happen that often and it was pretty brief when it did happen.  I would get the little yellow bar in the bottom right hand side that my connection was interrupted.  I have gotten this in other labs, and, well, more often than not it is the internet and not the fault of the lab, so I pressed forward.

Those connectivity issues were pretty much completely gone after that, and the rest of my lab time was perfect.

When I started back on the second path, I ended up reaching the point I had gotten to before I rebooted the Kali Linux machine, and I branched out on my own. I bypassed the point I had been at earlier and moved through the network. Looking back at the PDF afterwards, I was a little disappointed that I had done my own thing. There were a few techniques that I had knowledge of, but hadn't really tried them the way they were listed in the lab manual. I have added them to my notes, and one day in the future I will give them a try.

With the second path complete, I was off to the third path. I was keeping notes on the Windows and Kali machine of what commands I was running and so it was pretty easy for me to get back to a specific point if I had to stop for the day. And I don't know how many times I had to stop and restart this third path. At one point, who knows what restart of this path I was on at that time, I created a remote service and kept trying to start the service locally. I finally realized my mistake, but didn't update my notes. So the next day I was back to making the same mistake. My favorite mistake was probably around the fifth start/stop of the third path when I didn't make it to the box I expected to have reached, and started running commands and getting errors I never expected. I was just about at a breaking point when I ran "hostname" out of frustration and realized I was nowhere near my target. So I laughed, and moved forward.

I used the PDF a lot more on the third path than I did the first two paths, but at some point along this path I looked at the instructions and was thinking, this is too much work, let me do it this way. And I reached the part that was similar for each path rather quicker than I expected.


I reached the end goal stated, captured a screenshot, and sent my e-mail to the e-mail address listed in the PDFs. Very soon after sending the e-mail, I got the following response:


Completion

Getting a "shout out" on Twitter or LinkedIn is really cool. I have gotten a few others in the past, and it always feels good to get recognition like that. But once I submitted the e-mail, I had a small feeling of disappointment that I can't figure out if it was because I had forged my own path in part of this and didn't feel I had stayed true to the intent of the PDFs, or, more likely than not, that a really cool lab experience had ended and knowing it would probably be a while before my next course was this fun and cool.



Twitter Shout Out


I walked away for a few minutes and it dawned on me what the feeling was. I feel that I missed out by doing things the way I did....no, not changing techniques, but the time and effort I had to put into this course. What I should have done was sign up for like 45 days, and then do the labs 100% by myself with no help other than being told a few hints on the OSINT Research, and that VDI, web and/or phishing were three paths in (ok, maybe 90 days of time). There were a few places when I would have been stuck for a few days, and other places where I would have breezed through. About a week before I started this course, a guy at work showed me a trick that I ended up seeing in this PDF, but had I been doing this without the PDF, putting what I learned into use would have taken some hard thought.


One last comment for this section regarding the technical side of things. There were some new techniques that I have not seen in other courses, and there were some tried and true Active Directory techniques, so more practice time with known techniques and some knowledge on some techniques you may not get elsewhere.

Misc:

I did have a tiny bit of trouble with my Kali Linux jump host while doing the labs, and I had to e-mail support. I had no clue what happened, other than the Kali Linux box got super slow and when I couldn't find a process eating too much memory, I rebooted and hung the system. They were quick to get back to me, and quick to help resolve the issue (and they even worked to ensure the problem wouldn't return). It might have been okay had I not tried to reboot the box, but they went above and beyond to make my lab experience top notch.

I will also note, the tools and data I had left on my jump boxes were there the entire time, which is a huge time saver. I can't imagine having gone through path three as many times as I did without the notes inside each VM to copy paste from (faster than going back to my host machine and copy pasting through to the VM).


The Exam:

There is no exam, however, if you follow the instructions provided, you may get a certificate of completion.



CoC


My two cents:

I really like the "story" of this lab as it provides more than just a bland network structure which you work your way through. Network pivoting with Linux and Windows!!!! This is such an important skill that is often confusing to people. Learn it, live it, love it! And having three different paths into the network before you reach the final goal was really cool. Even if you have been doing Red Team work for years, the story, the pivoting and the practice alone make this course a *must* take at the current prices.


I realized that this was like RastaLabs (the good experience), PentesterAcademy and a little bit of Stephen King story telling all rolled up in one awesome Red Team course.




Copyright © 2024

Contact: redteamtrainingreviews @ redteamtrainingreviews.com