Offensive cyber security operations training

Offensive Cyber Security Operations: Mastering breach and adversarial attack simulation engagements

DEF CON Training - Las Vegas

10-11 August 2026


What you will learn

This is an updated version of the CBAS training program, with Cobalt Strike used extensively as the primary C2 framework. New modules cover more defense evasion, cloud adversary simulation, supply chain attack simulation, more control validation exercises, and AI-assisted adversary simulation exercises, including the use of AI systems to generate payloads and ransomware campaigns and to run autonomous attack simulations.

Participants will learn to emulate various threat actors safely in a controlled, enterprise-level environment. Beyond offensive tradecraft and TTPs, this iteration introduces new modules covering defense evasion, cloud adversary simulation, supply chain attack simulation, and a range of control validation exercises. AI-assisted adversary simulation is heavily integrated throughout: participants will use AI systems to generate payloads, build evasive tooling, and orchestrate full ransomware campaigns end-to-end.

All lab machines will be equipped with AV, web proxies, EDR, and other defence systems. The training platform provides modules and videos for each attack vector, with step-by-step walkthroughs so participants can correlate every technique with defensive telemetry and response opportunities. The lab includes a full guided breach simulation scenario from initial access through exfiltration across a defended, enterprise-grade Active Directory environment.

Master advanced breach and adversary simulation

Go beyond the basics. Participants operate across a fully defended enterprise environment with AV, EDR, web proxies, and SIEM, executing real-world TTPs from initial access through exfiltration. Cobalt Strike is the primary C2 throughout. Every technique is correlated with defensive telemetry so both offensive and defensive practitioners leave with actionable insight.

Key topics covered

  • Adversary emulation vs adversary simulation vs red teaming vs purple teaming
  • Cyber threat intelligence collection, analysis and operationalisation
  • Threat-informed defense, MITRE ATT&CK v19, Cyber Kill Chain, Diamond Model and Pyramid of Pain
  • Adversarial Exposure Validation and continuous adversary exposure validation
  • Breach simulation engagement scoping, rules of engagement and legal considerations
  • Command and control frameworks, Cobalt Strike architecture and advanced use cases
  • Adversary and red team infrastructure design, redirectors, domain fronting and operator OPSEC
  • Defense evasion concepts, Windows internals and EDR detection mechanisms
  • Active Directory architecture, attack surface mapping and common abuse paths
  • Cloud security fundamentals and adversary simulation across AWS, Azure and GCP
  • Supply chain attack concepts and threat actor targeting patterns
  • Ransomware operations, threat actor TTPs, double-extortion models and simulation design
  • AI use in offensive operations, LLM-assisted attack planning and autonomous simulation concepts
  • Purple teaming frameworks, detection engineering and detection-as-code with Sigma and DeTT&CT
  • Adversary simulation against AI systems, OWASP LLM Top 10 and MITRE ATLAS

Hands-on for offensive and defensive practitioners

Every module is built around doing, not watching. Participants build real tooling, run live simulations against defended targets, and walk away with reusable assets including loaders, playbooks, detection rules, and simulation plans that transfer directly into their day-to-day work. The course is updated with Cobalt Strike C2 and more AI-assisted attack simulation exercises.

Lab exercises

  • Guided full-chain Active Directory breach simulation with Cobalt Strike C2 from initial access through exfiltration
  • Cobalt Strike advanced lab exercises with malleable C2 profile tuning, BOF development and in-memory execution
  • Adversary emulation with Atomic Red Team including air-gapped execution and custom test case development
  • Deploying and operating MITRE Caldera, building custom abilities and emulating known threat actors
  • Orchestrating adversary emulation through RedTeamSimmer, executing test scenarios remotely and contributing new test cases
  • Adversary emulation planning, execution and purple team reporting with VECTR
  • Building and testing AMSI/ETW bypasses, syscall implementations, custom process injection chains, and advanced beacon evasion techniques
  • AI assisted shellcode loader generation and custom loader development exercises
  • BYOVD emulation plan building and EDR killer simulation
  • Microsoft Entra ID and pass-through auth compromise exercises
  • Building an AI agent system for autonomous adversary emulation
  • AI-assisted payload generation and evasive tooling development
  • Ransomware simulation build with BOF-based encryption, double-extortion and backup destruction
  • Cloud adversary emulation exercises for AWS, Azure and GCP
  • Supply chain attack simulation with npm, PyPI and GitHub compromise in a controlled lab
  • Security control validation across endpoint, email, web proxy and SWG
  • SIEM correlation, detection gap reporting and Sigma/EQL/KQL detection engineering
  • Purple team exercise connecting full attack chain to detections and collaborative gap analysis


Earn CBAS certification and digital badges

Earn Certified Breach and Adversarial Attack Simulation Specialist - DEF CON Training Edition certification, and showcase your skills with exclusive badges that validate your expertise and enhance your professional credentials.

The participants will be provided with

  • Certified Breach and Adversarial Attack Simulation Specialist (CBAS) - DEF CON Edition certification (Proficiency exam required)
  • CBAS Digital badges and challenge coins (Proficiency exam required)
  • Certificate from DEF CON Training (Proficiency exam required)
  • Course material (PDF)
  • Lab access and training portal access to lab guides
  • Custom malware/ransomware simulation, loaders, payloads and code samples
  • Adversary simulation plans and playbooks
  • Downloadable VM images for offline practice
  • Detection engineering resources (Sigma rules, EQL/KQL queries)
  • Reporting templates and sample reports
  • Post-training reference toolkit and exercises (curated open-source tools and scripts)
  • One year of training portal access to continuously updated lab guides, training material, and code samples
  • Access to private code repositories
  • BreachSimRange swag

Meet your trainer
Abhijith 'Abx' B R

Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He serves as the Director of BreachSimRange and is the Founder of Adversary Village at DEF CON. He is a professional hacker, offensive cyber security specialist, red team consultant, security researcher, trainer and public speaker. Abhijith has spoken at various hacking and cyber security conferences such as the DEF CON hacker convention, RSA Conference, The Diana Initiative, DEF CON 28 safemode - DCG Village, Opensource India, BSides Las Vegas, BSides San Francisco, Hack Space Con, Nullcon, c0c0n, BSides Delhi, DEF CON Singapore, DEF CON Bahrain and many others.



CBAS Challenge Coins

Complete every challenge and hands-on exercise during the training to earn your official CBAS Challenge Coins.
These coins are exclusive to DEF CON Training participants as a token of accomplishment and a proud reminder that you have completed the experience.

For the Offensive Cyber Security Operations: Mastering breach and adversarial attack simulation engagements training at DEF CON Training Las Vegas in August 2026, we have upgraded the primary command and control (C2) framework in the training to Fortra Cobalt Strike C2. We are extremely happy to bring this enhanced training experience to DEF CON Training. This collaboration ensures participants train with fully licensed, up-to-date offensive tooling backed by official support and resources.

Why Cobalt Strike?

For those unfamiliar, Cobalt Strike is a commercial adversary simulation platform developed by Fortra (formerly HelpSystems). It is the industry standard for professional red team operations, providing a mature command and control framework with features specifically designed for realistic attack simulation. Its Beacon implant, Malleable C2 profiles, and post-exploitation capabilities make it the go-to choice for both legitimate security teams and, unfortunately, real-world threat actors using cracked versions.

Let me be very clear: this is not about throwing out open-source C2 tools. Sliver, Havoc, Adaptix C2 and Caldera are still solid and fantastic for structured adversary emulation. All of these will still be covered in the course because they serve real purposes.

But when it comes to full-scope breach simulation and realistic red team operations, Cobalt Strike is what professional offensive security teams and red teams actually use. It is the tool that shows up in incident response reports, and it is what your SOC will encounter when things get serious with red teams.
