Red Team Ops
Adversary Simulation & Red Team Operations.
Red Team Ops is an online, self-study course that teaches the basic principles, tools and techniques synonymous with red teaming.
Students will first cover the core concepts of adversary simulation, command & control, engagement planning and reporting.
They will then go through each stage of the attack lifecycle - from initial compromise to full domain takeover, data hunting and exfiltration. Students will learn how common "OPSEC failures" can lead to detection by defenders, and how to carry out those attacks in a stealthier way.
Finally, they will learn how to bypass defences such as Windows Defender, AMSI and AppLocker.
Course Introduction
FREE PREVIEWWhat is Red Teaming?
FREE PREVIEWWhat is OPSEC?
Primum non nocere?
Attack Lifecycle
Engagement Planning
Post-Engagement & Reporting
Red Team Ops Lab
Cobalt Strike
Starting the Team Server
Starting the Team Server Demo
Listener Management
Listener Management Demo
Generating Payloads
Interacting with Beacon
Interacting with Beacon Demo
Pivot Listeners
Pivot Listeners Demo
Running as a Service
Running as a Service Demo
External Reconnaissance
DNS Records
Google Dorks
Social Media
Initial Compromise
Password Spraying
Password Spraying Demo
Internal Phishing
Initial Access Payloads
Visual Basic for Applications (VBA) Macros
VBA Macro Demo
Remote Template Injection
Remote Template Injection Demo
HTML Smuggling
Host Reconnaissance
Processes
Seatbelt
Screenshots
Keylogger
Clipboard
User Sessions
Host Persistence
Task Scheduler
Startup Folder
Registry AutoRun
Hunting for COM Hijacks
Host Privilege Escalation
Windows Services
Unquoted Service Paths
Weak Service Permissions
Weak Service Binary Permissions
UAC Bypasses
Elevated Host Persistence
Windows Services
WMI Event Subscriptions
Obtaining Credential Material
Beacon + Mimikatz
NTLM Hashes
Kerberos Encryption Keys
Security Account Manager
Domain Cached Credentials
Extracting Kerberos Tickets
DCSync
Password Cracking Tips & Tricks
Wordlists
Wordlist + Rules
Masks
Mask Length & Mask Files
Combinator
Hybrid
kwprocessor
Domain Recon
PowerView
SharpView
ADSearch
User Impersonation
Pass the Hash
Pass the Ticket
Overpass the Hash
Token Impersonation
Token Store
Make Token
Process Injection
Lateral Movement
Windows Remote Management
PsExec
Windows Management Instrumentation (WMI)
The Curious Case of CoInitializeSecurity
DCOM
Session Passing
Beacon Passing
Foreign Listener
Spawn & Inject
SOCKS Proxies
Linux Tools
Proxychains Demo
Windows Tools
Proxifier Demo
Pivoting with Kerberos
Browsers
Reverse Port Forwards
NTLM Relaying
NTLM Relaying Demo
Data Protection API
Credential Manager
Scheduled Task Credentials
Kerberos
Kerberoasting
ASREP Roasting
Unconstrained Delegation
Unconstrained Delegation Demo
Constrained Delegation
Constrained Delegation Demo
Alternate Service Name
S4U2Self Abuse
S4U2Self Demo
Resource-Based Constrained Delegation
RBCD Demo
Shadow Credentials
Kerberos Relay Attacks
Active Directory Certificate Services
Finding Certificate Authorities
Misconfigured Certificate Templates
Vulnerable User Template Demo
NTLM Relaying to ADCS HTTP Endpoints
User & Computer Persistence
Abusing Group Policy
Modify Existing GPO
Create & Link a GPO
MS SQL Servers
MS SQL Impersonation
MS SQL Command Execution
MS SQL Command Exection Demo
MS SQL Lateral Movement
MS SQL Lateral Movement Demo
MS SQL Privilege Escalation
MS SQL Privilege Escalation Demo
Configuration Manager
Enumeration
Network Access Account Credentials
Lateral Movement
Domain Dominance
Silver Tickets
Golden Tickets
Diamond Tickets
Forged Certificates
Forest & Domain Trusts
Parent/Child
One-Way Inbound
One-Way Outbound
Local Administrator Password Solution
Reading ms-Mcs-AdmPwd
Password Expiration Protection
LAPS Backdoors
Microsoft Defender Antivirus
Artifact Kit
Artifact Kit Demo
Malleable C2
Resource Kit
AMSI vs Post-Exploitation
Manual AMSI Bypasses
Behavioural Detections
Command Line Detections
AppLocker
Policy Enumeration
Writeable Paths
Living Off The Land Binaries, Scripts and Libraries
PowerShell CLM
Beacon DLL
Data Hunting & Exfiltration
File Shares
Databases
Extending Cobalt Strike
Mimikatz Kit
Jump & Remote-Exec
Beacon Object Files
Malleable Command & Control
Enabling Windows Defender
Students should have a good working knowledge of Windows and Active Directory environments. Prior penetrating testing experience would be a bonus. Familiarity with C, C# and PowerShell would also be advantageous but not essential.
No, lab access is sold separately.
Yes - you get 1 free exam attempt when you purchase the course. The voucher does not have an expiry date.
Yes - just pay the fee and schedule the exam from the booking page.
Zero Point Security's RTO course content went above and beyond my expectations. The course modules are well designed, organized and informative. Additionally...
Read MoreZero Point Security's RTO course content went above and beyond my expectations. The course modules are well designed, organized and informative. Additionally, the lab environment acts as a fantastic tool to practice the techniques that you're learning alongside the modules. The fact that the course content is updated frequently and is available indefinitely provides great value to enrollees. Overall, I highly recommend this course to those looking to solidify their foundational knowledge of red team methodology and testing through command and control.
Read LessAfter finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, active director...
Read MoreAfter finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, active directory, lateral movement, etc. The addition of cobalt strike and touching on Splunk and detections is of incredible value ! I can only say I highly recommend to course !
Read LessThis course is amazing and should be strongly recommended for anyone, that wants to take a step into the world of red teaming. It presents the matters of red...
Read MoreThis course is amazing and should be strongly recommended for anyone, that wants to take a step into the world of red teaming. It presents the matters of red teaming in simple, understanding way. Everyone who's relatively familiar with penetration testing can learn many new techniques and begin to feel confident in area of red teaming.
Read LessThis is a must for every offensive security person.
This is a must for every offensive security person.
Read LessI have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having having someone...
Read MoreI have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having having someone structure it as a guide with accompanying labs makes knowledge acquisition faster.
Read LessThis course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already usi...
Read MoreThis course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already using this knowledge on engagements and I'm just half-way through. Although CobaltStrike heavy, all concepts, commands and tools can be used/applied to scenarios where CobltStrike is not a thing with very little modification. I do recommend some base knowledge before enrolling, but that goes without saying. Well done ZeroPointSecurity
Read Less