SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Major updates
SEC565: Red Team Operations and Adversary Emulation
SEC565Offensive Operations
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course authored by:
Jean-François Maes & David Mayer
Course authored by:Jean-François Maes & David Mayer
- GIAC Red Team Professional (GRTP)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 28 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Master Red Team operations, adversary emulation, and advanced tradecraft using CTI, MITRE ATT&CK, and cutting-edge AI tools to test and improve organizational defenses.
Featured Quote
The course content is absolutely amazing. Even if you already have some knowledge on the topic, there is still a wealth of information that will further enhance your understanding and solidify your procedures!
Course Overview
The SEC565 Red Team training course equips participants with the skills to plan and execute Red Team engagements through adversary emulation. Leveraging cyber threat intelligence, the MITRE ATT&CK framework, and cutting-edge AI capabilities, students learn to build resilient attack infrastructure, bypass modern defenses, and exploit Active Directory.
2026 Course Update Summary
The latest SEC565 update modernizes SANS’ Red Team operations training course for the AI-driven offensive landscape. This major refresh integrates artificial intelligence across planning, infrastructure, weaponization, and command-and-control workflows—preparing Red Team operators to emulate modern adversaries with greater speed, realism, and operational depth.
For a detailed breakdown of what's new and how these updates can strengthen you or your team, download the flyer.
What You’ll Learn
- Plan and execute Red Team engagements
- Leverage cyber threat intelligence in Red Teaming
- Accelerate CTI analysis and TTP extraction using AI
- Emulate adversary TTPs using MITRE ATT&CK
- Modernize and patch open-source tooling with AI
- Develop custom evasion frameworks using AI
- Create MCP servers for AI-driven C2 operations
Business Takeaways
- Strengthen Blue Team defenses through simulations
- Enhance detection and response with attack emulation
- Provide actionable insights to address security gaps
- Measure and optimize defense systems for effectiveness
- Identify weaknesses in people, processes, and technology
- Leverage AI to increase Red Team efficiency
Meet Your Authors
- Slide 1 of 2
Jean-François Maes
Certified InstructorJean-François is based in Portugal, where he is the CEO of Offensive Guardian, a boutique red and purple teaming shop providing freelance services to various organizations. He has worked for other noteworthy firms, including, but not limited to: Neuvik, TrustedSec, Fortra's Cobalt-Strike team, and NVISO.
Read more about Jean-François Maes - Slide 2 of 2
David Mayer
Certified InstructorDave Mayer is a cybersecurity professional with a background in red teaming, threat emulation, and offensive security. As the founder of Neuvik, he has worked extensively on adversary simulations and penetration testing, helping organizations strengthen their security posture against real-world threats.
Read more about David Mayer
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC565: Red Team Operations and Adversary Emulation.
Section 1Planning Adversary Emulation and Threat Intelligence
This initial section establishes foundational concepts in adversary tactics, Red Team operations, and threat intelligence frameworks. Focus areas include engagement planning, threat actor analysis, and initial attack execution-all critical for emulating sophisticated adversaries in controlled environments.
Topics covered
- Advanced adversary emulation methods
- Unified kill chain and attack mapping
- AI-assisted CTI analysis and TTP extraction
- Multi-factor bypass techniques
- Social engineering and AI-generated pretexts
Labs
- Environment setup and orientation
- MITRE® ATT&CK framework implementation
- Threat intel analysis and reporting (with AI integration)
- Strategic engagement planning
- Red team execution protocols
Section 2Attack Infrastructure and Operational Security
Section two is an advanced command-and-control (C2) infrastructure and tooling deep-dive focused on resilient attack frameworks, evasive redirector implementation, and OPSEC hardening. Students learn operational security monitoring, infrastructure protection, and defender evasion through sophisticated C2 architectures and communication channels.
Topics covered
- Modern C2 infrastructure design
- Advanced redirector methodologies
- Third-party hosting strategies
- OPSEC and infrastructure hardening
- AI-Driven C2 Operations with Model Context Protocol (MCP)
Labs
- Advanced C2 framework deployment
- Resilient redirector configuration
- VECTR implementation and monitoring
- Cobalt Strike operator training
- Creating MCP servers for Empire and Cobalt Strike
Section 3Getting In and Staying In
Advanced payloads and network infiltration tactics form the core of this section. Students explore stealthy weaponization techniques and learn to establish reliable initial access vectors for target environments. We pay special attention to evasive post-exploitation methodologies, including privilege escalation chains and persistent access methods.
Topics covered
- Sophisticated payload engineering
- Defensive control bypass tactics
- Network infiltration methodology
- AI-assisted tool restoration and patching
- Vibe coding custom evasion frameworks
Labs
- Advanced payload crafting and testing
- Initial access vector development
- Network discovery and enumeration
- AI-Assisted Restoration of legacy stagers
- Vibe Coding an Evasion Framework with AI
Section 4Active Directory Attacks and Lateral Movement
Students explore comprehensive domain enumeration and advanced privilege escalation within Windows environments. Deep technical analysis covers cross-domain attack patterns, trust relationship exploitation, and sophisticated lateral movement tactics. Each concept integrates with practical attack tool implementation for maximum operational impact.
Topics covered
- Domain trust exploitation chains
- Authentication bypass techniques
- Certificate service manipulation
- Advanced delegation attacks
- Enterprise network pivoting
Labs
- Enterprise domain enumeration methods
- Token manipulation and privilege abuse
- Advanced AD attack tool deployment
- Bloodhound attack path analysis
- Cross-forest lateral movement tactics
Section 5Obtaining the Objective and Reporting
Students navigate advanced database attacks, sensitive data exfiltration methods, and impact demonstration through targeted system manipulation. We comprehensively cover engagement analysis, strategic reporting methodologies, and automated breach simulation techniques for continuous security validation.
Topics covered
- Database exploitation techniques
- Target system manipulation
- Engagement analysis frameworks
- Breach simulation deployment
- Red team measurement protocols
Labs
- Advanced database attack strategies
- Critical data exfiltration methods
- Engagement tracking and reporting
- Impact analysis and demonstration
- Automated breach simulation
Section 6Immersive Red Team Capture-the-Flag
Students operate across multiple domains, implementing sophisticated attack chains against Windows and Linux infrastructures. The immersive environment presents authentic user activity patterns, rich intelligence gathering opportunities, and segmented network challenges requiring advanced lateral movement techniques.
Topics covered
- Enterprise adversary emulation
- Cross-domain attack strategies
- Credential theft and exploitation
- Advanced C2 infrastructure
- Comprehensive impact analysis
Labs
- Full-spectrum enterprise Red Team engagement
- Multi-domain attack orchestration
- Cross-platform exploitation chains
- Advanced lateral movement execution
- Data identification and exfiltration
Things You Need To Know
Relevant Job Roles
Penetration Tester
European Cybersecurity Skills FrameworkAssess the effectiveness of security controls, reveals and utilise cybersecurity vulnerabilities, assessing their criticality if exploited by threat actors.
Explore learning pathPenetration Testing (PENT)
Performance of authorised tests to identify vulnerabilities in networks, applications, and systems. Findings support remediation planning and risk reduction across the enterprise.
Explore learning pathRed Teamer Training, Salary, and Career Path
Offensive OperationsMonitor and analyze activity across cloud environments, proactively detect and assess threats, and implement preventive controls and targeted defenses to protect critical business systems and data.
Explore learning pathCourse Schedule and Pricing
Have Questions?Contact Us
Group and Private Pricing
Enroll your team as a group or arrange a private session for your organization. We’ll help you choose the format that fits your goals.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,900 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price€8,230 EUR*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,900 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price¥1,335,000 JPY*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price€8,230 EUR*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
Showing 10 of 15
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3The labs are fantastic, and they are fun to work through!
- Slide 2 of 3I studied for the OSCP. The course content and approach was OK, but this was next level. My mind was blown and I learned so much more. Simply excellent.
- Slide 3 of 3Course content is great. Very informative and up-to-date attack vectors.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources