Cyber Security Workshop: RED / BLUE Team Pentest Kungfu Series
HKPC Building 78 Tat Chee Avenue Kowloon
Ms Judy LIU, Tel: +852 2788 5704
 Enquiry    Print  


In the ever-changing cyber world today, a better way to protect your network and defence-in-depth of your assets is to understand your adversary tactics and techniques.

The primary aim of this workshop is to equip the participants with the necessary cyber security skill sets from both sides of the world: the RED Team and the BLUE Team. The RED Team focuses on penetration testing of different systems and the levels of security programmes, to detect, prevent and eliminate vulnerabilities, while the BLUE Team finds ways to defend, change and regroup defence mechanisms making incident response much stronger.

Course Introduction and Objectives

Day 1: Hands on Red Team & Metasploit Kung Fu

A lab with different types of clients and servers (e.g. web servers, mail servers, DNS servers, log servers, Windows client, etc.) is built to simulate real-life environment for Red Team and Blue Team to experience how attacks are launched and logs server / alert system will react.

Lab Infrastructure and Environment Setup

1. Introduction of the lab infrastructure
2. Install Kali Linux on laptops
3. Set up of environment (connect to lab server)

Red Team Exercise

1. Methodology of Red Team testing
2. Reconnaissance of the targets in the lab
3. Identifying the targets, e.g. ports, services, application version
4. Exploitation
5. SQL map attack
6. Metasploit payload generation
7. Deploying payload to different targets
8. Writing payload to the target
9. Maintaining access of the targets
10. Reporting guidelines 

Day 2: Hands on Blue Team & Final Challenge

Blue Team Exercise

    • Familiarising with log servers and agents in the Lab
    • Analysing the logs
    • Differentiating attack logs from normal logs
    • Setting up alerts of abnormal behaviour
    • Setting up rules for actions on different type of attacks
    • Generating charts for analysis

Final Challenge

    • Given vulnerable servers, participants are required to attack the target and get the secret from it. At the same time, participants are required to analyse the logs to determine what sort of attacks are launched and set up alerts.

Day 3: Malware and Targeted Attack Analysis & Simulation

Introduction and Simulation

    • What is targeted attack?
    • What are their indicators?
    • How can we simulate the attacks and what can the blue team see?

From indicators to deep analysis

    • Malware analysis primitive: static and dynamic analysis with recent attack sample
    • Yara rules primitives
    • IOC primitives

Day 4: Advanced Blue Team Techniques: Attack

Malware Detection with Machine Learning

  • What is machine learning?
  • What kind of indicators do we have in malware and attack server logs? (Ken/Byron)
  • How to train the machine learning model?
  • Discussion and hands-on with machine learning for attack logs (Ken/Byron)
  • Discussion and hands-on with machine learning framework for malware analysis


Date : 3 – 4 & 10 – 11 Jun 2021 (Every Thurs – Fri)
Time: 09:30 – 17:00

Course Fee

Early bird price on or before 3 May 2021
-Non-member: HK$17,200 per person
-Member of Supporting Organisations: HK$16,800 per person

Regular Price
-Non-member: HK$17,600 per person
-Member of Supporting Organisations: HK$17,200 per person


This course is an approved Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful applications. For details:

Target Audience

Participants desire to acquire in-depth technical knowledge:

    • Blue Team Members
    • Red Team Members
    • IT Auditor
    • Penetration Tester
    • Incident Responder


Mr Anthony LAI
Founder & Security Researcher, VX Research Limited

Anthony LAI is the holder of SANS GREM (Gold Paper) since 2010 (Level 3 in Incident Response Management) and SANS GXPN (Level 3 of Penetration Test). He has over 15 years of experience in information security and quality assurance, including penetration test, exploitation research, malware analysis, threat analysis, reverse engineering, and incident response and management.

Assistant Trainer

Mr Alan HO
Red Team Engineer, VX Research Limited

Alan HO is the holder of OSCP and SANS GWAPT certified security professional. He has over 10 years of experience in the information security industry, including penetration testing, security assessment, incident response, security operation planning, and investigation.

Certificate of Training

Participants who have attained 75% or more attendance of lecture will be awarded an Attendance Certificate.

Download Full Course Detail ▼