Modern Initial Access and Evasion Tactics - 2024 Review

Mariusz Banach's (mgeeky) 'Modern Initial Access and Evasion Tactics' course was the first training I took this year. Here is my review, written from the perspective of an experienced web developer.

As soon as I decided to switch my career entirely to providing Offensive Security Services last year, I naturally looked for the best courses to take. I needed to get a jump start when doing bug bounties and transitioning into offensive security assessments and red teaming in the long run.

@jhaddix's TBBHM training (which I took in December 2023) suggested Mariusz's course, and the upcoming session was already fully booked, so I could not wait for a spot to open up in the next training. I promptly reserved a seat after Mariusz announced the new schedule around Christmas.

What immediately stood out to me was that the whole course, communication, and execution were so well-prepared and professional:

  • You get lifetime access to a student VM containing all the training tools, code, and a lot of scripts that Mariusz wrote himself, which makes using the provided material so much easier.

  • You get access to various hosted apps, e.g., a Mythic C2 instance, that Mariusz provides. The provided setup allows you to get your hands dirty with the provided exercises and adds so much to the value of the training.

  • You get immediate access to that day's recording at the end of each course day.

  • The student area contains up-to-date slides and links to the recordings, so you can always come back and review the material again.

Initially, I was worried that the course content could be over my head. But even though the last time I touched the WinAPI and inspected PEs was over 12 years ago, I understood the training due to its straightforward and well-presented manner.

What made the training priceless was Mariusz's experience, which he freely shared, responding to questions and giving each topic a personal touch. A lot of the tools and attack vectors were not only presented but also discussed from the points of view of defenders, EDR, and malware developers. Mariusz hands you the knowledge to correctly pick, customize, and deploy your tools so you can stay one step ahead.

If I had to suggest an improvement for this excellent course, it would be to streamline the live demos. Some of the exercises presented by Mariusz took longer to complete than they should have. But this also showed a fascinating perspective when observing a field expert live debugging and making the payload pop in the end!

The three training days flew by. I now know a whole bucket of TTPs I can try out in the provided lab environment and my upcoming engagements—100% recommended.