Adversary Tactics and Techniques

R9B Adversary Tactics and Techniques (ATT) is an intense, five-week, hands-on course. In our Cyber Adversary Tactics Training Courses, students learn the methodology and technical details of how attackers recon, gain access to, pivot, and remain hidden within a target network. They learn how their own actions may leave behind artifacts alerting attackers to their presence. The Adversary Tactics and Techniques course establishes a firm foundation in operational cyber exploitation methodologies for pen-testers, red team members, and cyber hunters. Future pen-testers learn to infiltrate networks, and cyber defense analysts and operators are equipped to identify the telltale signs of an intrusion in progress. We teach students to perform fundamental exploitation operations in Windows and Linux environments.

R9B ATT first establishes a foundation on the Windows and Linux operating systems and how those systems communicate on networks. It concludes with the use of offensive tools, tactics, and procedures on those operating systems. Students learn how fundamental exploit techniques are executed and why they work. R9B presents modules covering topics from packet analysis to pivoting and tunneling, emphasizing a capability-independent mindset in this Cyber Adversary Tactics training course.

Adversary Tactics and Techniques is taught by leading professionals in cybersecurity. All instructors have previous experience conducting cyber operations within the United States Intelligence Community or were pen-testers or red team members within the U.S. military or government. This experience enhances training and prepares students to execute missions across diverse cyber terrain.

The course focuses on five major topics: Windows, Linux, networking, tactical forensics, and adversary methodologies & exploitation techniques. Every course module uses hands-on exercises to reinforce the practical application and employment of fundamental techniques used by sophisticated cyber organizations. Students follow along with the instructor and complete complex exercises forcing them to think outside of the box and to act within a dynamic environment. As students learn the concepts, they are challenged to develop and apply critical thinking skills to produce innovative solutions to complex problems. Additionally, instructors teach students advanced techniques and procedures to hide their tracks and maintain stealth. Students develop and demonstrate skills throughout the course by achieving cyber objectives in live virtual environments.

The final week of the course includes extensive exercises requiring students to combine lessons from previous modules. The course culminates in a scenario simulating a full-scale cyber operation. The ATT course provides a thorough understanding of the exploitation process and the technical knowledge to perform a wide range of fundamental cyber operations on target networks.


• Basic operating system fundamentals and understanding of related components such as memory, CPU, storage devices, and I/O devices.
• Basic Linux and Windows command line knowledge such as filesystem navigation and creating and modifying files.
• Basic understanding of networking devices such as switches and routers, as well as protocols within the OSI model.
• Cybersecurity fundamentals to include exploitation concepts and terminology.


Cyber professionals preparing to enter positions or advanced training in the fields of pen testing, red teaming, or HUNT operations with existing system administration, networking, and/or cybersecurity backgrounds.


• Lecture slides in PDF
• Exercise materials (e.g., files, VMs)



Human-Led. Technology-Accelerated.

Email Call 719.368.3677 (M-F 8-5)