ADVANCED RED TEAM OPERATIONS: LATERAL MOVEMENT & DOMAIN DOMINANCE MASTERCLASS

Master the art of "Living off the Land." Move silently through enterprise networks, bypass modern EDR/AV, and escalate to Domain Admin without triggering alarms.

OPERATIONAL OBJECTIVES

Standard pentesting is noisy. In this masterclass, we move beyond basic scanning and ‘script-kiddie’ exploits. You will learn the tradecraft used by Advanced Persistent Threats (APTs) to maintain long-term persistence and move laterally using legitimate system tools.

The Syllabus

Initial Access & Evasion

Weaponizing C2 frameworks (Mythic C2).
Bypassing AV/EDR using obfuscation and environmental keying.

Internal Reconnaissance

Stealthy enumeration with BloodHound and Sharphound.
Identifying high-value targets without touching disk.

Lateral Movement Tradecraft

Abusing WinRM, WMI, and DCOM for silent movement.
Pass-the-Hash (PtH) and Overpass-the-Hash techniques.

Active Directory Exploitation

Kerberoasting & AS-REP Roasting manual execution.
Token manipulation and impersonation.

Persistence & Exfiltration

Golden/Silver Ticket creation.
Data exfiltration via DNS tunneling and C2 channels.

Date: February 28, 2026

This is an ADVANCED session. Attendees are expected to have:

Working knowledge of Linux (Kali/Parrot) and Windows Command Line.
Basic understanding of Active Directory structures.
A caffeine dependency of at least 400mg per day
The ability to type ‘sudo‘ in under 0.5 seconds when you forget your privileges.
A mechanical keyboard loud enough to wake your neighbors.
At least 3 monitors (One for hacking, one for documentation, one for memes).
Dark Mode enabled on everything.
The ability to look at a login screen and immediately think, ‘admin:admin works.’

Fikrat Karimli

Cybersecurity Architect

Fikrat Karimli is a veteran cybersecurity professional with over 10 years of experience executing high-stakes penetration tests and strategic red team engagements. Currently the Cybersecurity Architect at Project Worldwide.

A competitive red teamer at his core, Fikrat is a 2x SentinelOne Threat Ops Champion, a MITRE CTF Champion, and a U.S. National Cyber League Champion. He holds the industry’s most rigorous offensive certifications, including OSEP (Offensive Security Expert Professional), OSCE, OSCP, and the GIAC Experienced Penetration Tester (GX-PT). His expertise focuses on advanced lateral movement, C2 infrastructure, and purple-team methodologies that help organizations defend against modern APTs.

Frequently Asked Questions

I work in Blue Team/Defense. Is this Red Team training relevant to me?

Absolutely. You cannot defend against what you cannot understand. This masterclass adopts a “Purple Team” mindset—by learning how advanced operators bypass your defenses (lateral movement, WMI abuse, and evasion), you will learn exactly how to detect and block them in your own environment. This is essential training for any SOC analyst wanting to level up.

How is this different from CTFs

CTFs are puzzles; this is tradecraft. We don’t use “gamey” vulnerabilities. We focus on living-off-the-land (LotL) techniques—using the tools already built into Windows to move silently. You will learn the actual TTPs (Tactics, Techniques, and Procedures) used by modern ransomware groups and APTs today, not theoretical exploits from 5 years ago.

Can I use these attack vectors in my upcoming pentest engagements?

es. The goal of this session is to expand your arsenal immediately. We provide battle-tested playbooks for internal network compromise that you can deploy in your next engagement (legally). We focus on “Operational Security” (OpSec) safe methods that minimize the risk of crashing client systems.