Adversary Tactics: Identity-driven Offensive Tradecraft

Course Overview

The Strategic Imperative

Modern enterprise environments are no longer secured only at the endpoint, network, or perimeter layer. They are secured – and compromised – through identity.

As organisations continue to expand across Active Directory, Entra ID, Okta, Azure, SaaS platforms, federated authentication systems, and hybrid infrastructure, attackers are increasingly focusing on the identity layer as the fastest path to privilege escalation, lateral movement, and full operational compromise. Authentication and authorisation systems have become the connective tissue of the modern enterprise – and therefore one of its most valuable attack surfaces.

The challenge?
Most organisations do not fully understand:

• How identity attack paths are created across on-prem, cloud, and hybrid systems
• How authentication and trust relationships can be abused in ways defenders often miss
• How attackers chain together Kerberos, NTLM, ADCS, SAML, OAuth, Okta, Entra ID, and Azure abuse techniques
• How supply chain and cross-tenant trust can become a pathway to compromise
• How to detect, disrupt, and defend against identity-driven offensive tradecraft in realistic environments

Adversary Tactics: Identity-Driven Offensive Tradecraft is an immersive, hands-on masterclass designed to solve exactly that.

This is not a theory.
This is identity-centric offensive tradecraft in practice.

What You Will Be Able To Do

By the end of this intensive training, you will be able to:

• Apply the Clean Source Principle
  Use CSP analysis to methodically identify violations and discover both known and novel identity attack paths in complex enterprise environments.
• Abuse On-Prem and Hybrid Identity Architectures
  Understand how to leverage authentication and authorisation weaknesses for lateral movement and privilege escalation across modern enterprise environments.
• Execute Advanced Identity-Driven Attacks
  Abuse the intricacies of Kerberos, NTLM, ADCS, ADFS, SAML, Okta, Entra ID, OAuth, Azure, and hybrid identity systems to achieve red team objectives.
• Discover Attack Paths Across People, Process and Technology
  Move beyond simple enumeration to understand how trust, misconfiguration, integration, and design decisions create exploitable operational pathways.
• Operate in a Live, Realistic Lab Environment
  Work continuously through a full-course capstone with realistic attack paths, defender interaction, and evolving tradecraft decisions under pressure.
• Understand the Defender Perspective
  Learn the detection logic, defensive visibility, and OPSEC considerations that influence how modern identity attacks are discovered and countered.

About The Training Experience

Participants should expect:

• A highly technical and immersive learning environment
• Team-based classroom setup for collaborative operations
• Practical exposure to modern identity attack paths
• Defender-informed offensive methodology
• Access to an always-on range during training days for extended practice.

This course is best suited for practitioners with prior offensive security experience who want to deepen their ability to identify, exploit, and understand identity attack paths in complex enterprise environments.

Who Should Attend

This course is designed for experienced technical professionals involved in offensive security, adversary simulation, and advanced enterprise security testing, including:

• Red Team Operators
• Penetration Testers
• Adversary Emulation Specialists
• Offensive Security Consultants
• Detection Engineers seeking attacker perspective
• Security Professionals working in identity-rich enterprise environments

Delivery Format

• 50% Lecture / 50% Labs
• One continuous capstone lab running from Day 1 through Day 4
• Realistic attack scenarios across on-prem, hybrid, cloud, and cross-tenant environments
• “Red vs Blue” discussions integrated into lectures
• Active defender hunting within the lab to force OPSEC-aware decision-making.

This course is designed as an immersive, practical environment where students progress through a large, single capstone rather than isolated exercises. Lectures are injected throughout the course to provide the technical knowledge required to keep advancing through the range.

Student Requirements

Participants should already be proficient in:

• Windows and Active Directory Fundamentals
• Operating through a C2 agent and payload generation
• Lateral movement techniques
• Credential abuse on Windows systems

Technical Requirements

Participants must bring their own laptop with:

• A modern web browser
• Access capability for the SpecterOps training portal

All course materials and labs are hosted remotely. There are no local virtual machines or specialised software requirements needed to fully participate.

Participants will be provided with:

• Access to the lab range
• Course slides
• Cheat sheets
• Walkthroughs provided upon completion
  
  

Elad Shamir

Elad Shamir has over a decade of experience across the different domains of information security and has spent most of his career focusing on security research and delivering offensive security services. Previously, Elad served in the Israeli intelligence and worked in the private sector in Israel and Australia. Elad specializes in identifying security flaws in complex systems and weaponizing intended functionality for offensive capabilities, particularly in Windows and Active Directory environments.

Daniel Heinsen

Daniel Heinsen (@hotnops) is a Principal Security Researcher at SpecterOps with experience as a red team operator, offensive tools developer, and security researcher. Prior to working at SpecterOps, Daniel spent over 10 years within the U.S. Department of Defense as a software developer and capabilities specialist. Daniel has experience in offensive tool development, Windows internals, and web application exploitation. Since joining SpecterOps, Daniel has directed his research focus to novel initial access vectors and AWS.

Run this course in-house

Informa Connect Academy’s customised training solutions have helped organisations deliver tailored learning in different languages to suit every requirement.