Red Team Ops
Adversary Simulation & Red Team Operations.
Red Team Ops is an online course that teaches the basic principles, tools and techniques, that are synonymous with red teaming.
Students will first cover the core concepts of adversary simulation, command & control, and how to plan an engagement. They will then learn about each stage of the attack lifecycle from initial compromise to full domain takeover, data hunting, and data exfiltration. Students will also take various OPSEC concerns into account and learn how to bypass defences such as Windows Defender, AMSI and AppLocker. Finally, they will cover reporting and post-engagement activities.
Students have the option to purchase the course by itself or with lab access. A free exam attempt is included with each option.
Course Curriculum
-
1
-
What is Red Teaming?
FREE PREVIEW -
What is OPSEC?
FREE PREVIEW -
Phases of an Engagement
FREE PREVIEW -
Planning & Client Engagement
-
Scoping
-
Threat Model
-
Breach Model
-
Notifications & Announcements
-
Rules of Engagement
-
Record Keeping & Deconfliction
-
Data Handling
-
Duration
-
Costs
-
-
2
-
Command & Control
-
Red Team Ops Lab
-
Cobalt Strike
-
Starting the Team Server
-
Listener Management
-
Generating Payloads
-
Interacting with Beacon
-
Miscellany Tips & Tricks
-
Cobalt Strike Demo
-
-
3
-
External Reconnaissance
-
DNS Records
-
Social Media
-
-
4
-
Initial Compromise
-
Password Spraying
-
Internal Phishing
-
HTML Application (HTA)
-
Visual Basic for Applications (VBA) Macro's
-
Parent-Child Relationships
-
Building Alerts in Kibana
-
Initial Compromise Demo
-
-
5
-
Host Reconnaissance
-
Seatbelt
-
Screenshots
-
Keylogger
-
-
6
-
Host Persistence
-
Task Scheduler
-
Startup Folder
-
Registry AutoRun
-
COM Hijacking
-
Hunting for COM Hijacks
-
-
7
-
Host Privilege Escalation
-
Web Proxies
-
Peer-to-Peer Listeners
-
Peer-to-Peer Listener Demo
-
Windows Services
-
Unquoted Service Paths
-
Unquoted Service Path Demo
-
Weak Service Permissions
-
Weak Service Permission Demo
-
Weak Service Binary Permissions
-
Weak Service Binary Permission Demo
-
Always Install Elevated
-
Always Install Elevated Demo
-
UAC Bypasses
-
UAC Bypass Demo
-
-
8
-
Domain Reconnaissance
-
PowerView
-
Get-Domain
-
Get-DomainController
-
Get-ForestDomain
-
Get-DomainPolicyData
-
Get-DomainUser
-
Get-DomainComputer
-
Get-DomainOU
-
Get-DomainGroup
-
Get-DomainGroupMember
-
Get-DomainGPO
-
Get-DomainGPOLocalGroup
-
Get-DomainGPOUserLocalGroupMapping
-
Find-DomainUserLocation
-
Get-NetSession
-
Get-DomainTrust
-
SharpView
-
ADSearch
-
BloodHound
-
-
9
-
Lateral Movement
-
PowerShell Remoting
-
PsExec
-
Windows Management Instrumentation (WMI)
-
The Curious Case of CoInitializeSecurity
-
DCOM
-
-
10
-
Credentials & User Impersonation
-
LogonPasswords
-
eKeys
-
Security Account Manager
-
Domain Cached Credentials
-
Make Token
-
Process Injection
-
Token Impersonation
-
SpawnAs
-
Pass the Hash
-
Overpass the Hash
-
Extracting Kerberos Tickets
-
-
11
-
Password Cracking Tips & Tricks
-
Wordlists
-
Wordlist + Rules
-
Masks
-
Mask Length & Mask Files
-
Combinator
-
Hybrid
-
kwprocessor
-
-
12
-
Session Passing
-
Session Passing Demo
-
-
13
-
SOCKS Proxies
-
Windows Apps
-
Browsers
-
Metasploit
-
SOCKS Proxy Demo
-
Reverse Port Forwards
-
NTLM Relaying
-
NTLM Relaying Demo
-
-
14
-
Data Protection API
-
Credential Manager
-
Google Chrome
-
Credential Manager Demo
-
-
15
-
Kerberos
-
Kerberoasting
-
AS-REP Roasting
-
Unconstrained Delegation
-
Unconstrained Delegation Demo
-
The "Printer Bug"
-
Printer Bug Demo
-
Constrained Delegation
-
Constrained Delegation Demo
-
Alternate Service Name
-
Alternate Service Name Demo
-
S4U2self Abuse
-
S4U2self Demo
-
Linux Credential Cache
-
Linux Credential Cache Demo
-
-
16
-
Active Directory Certificate Services
-
Finding Certificate Authorities
-
Misconfigured Certificate Templates
-
Vulnerable User Template Demo
-
NTLM Relaying to ADCS HTTP Endpoints
-
ADCS NTLM Relay Demo
-
User & Computer Persistence
-
AD CS Auditing
-
-
17
-
Group Policy
-
Pivot Listeners
-
Pivot Listener Demo
-
Remote Server Administration Tools (RSAT)
-
RSAT Demo
-
SharpGPOAbuse
-
SharpGPOAbuse Demo
-
-
18
-
Discretionary Access Control Lists
-
Reset User Password
-
Targeted Kerberoasting
-
Targeted ASREPRoasting
-
Modify Domain Group Membership
-
-
19
-
MS SQL Servers
-
MS SQL NetNTLM Capture
-
MS SQL Command Execution
-
MS SQL Command Exec Demo
-
MS SQL Lateral Movement
-
MS SQL Lateral Movement Demo
-
MS SQL Privilege Escalation
-
MS SQL Privilege Escalation Demo
-
-
20
-
Domain Dominance
-
DCSync Backdoor
-
AdminSDHolder Backdoor
-
Remote Registry Backdoor
-
Skeleton Key
-
Silver Tickets
-
Golden Tickets
-
Forged Certificates
-
-
21
-
Forest & Domain Trusts
-
Parent/Child
-
One-Way (Inbound)
-
One-Way (Outbound)
-
Outbound Trust Demo
-
-
22
-
Local Administrator Password Solution
-
LAPS Persistence
-
LAPS Backdoors
-
-
23
-
Bypassing Antivirus
-
Artifact Kit
-
Artifact Kit Demo
-
Resource Kit
-
Resource Kit Demo
-
AmsiScanBuffer
-
Exclusions
-
AppLocker
-
AppLocker Rule Bypasses
-
PowerShell Constrained Language Mode
-
-
24
-
Data Hunting & Exfiltration
-
File Shares
-
Internal Web Apps
-
Databases
-
-
25
-
Post-Engagement & Reporting
-
Attack Narrative
-
Recommendations
-
Indicators of Compromise
-
-
26
-
Extending Cobalt Strike
-
Elevate Kit
-
Jump & Remote-Exec
-
Beacon Object Files
-
Malleable Command & Control
-
Student Reviews
Amazing value course
Konstantin Karabadzhakov
After finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, active director...
Read MoreAfter finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, active directory, lateral movement, etc. The addition of cobalt strike and touching on Splunk and detections is of incredible value ! I can only say I highly recommend to course !
Read LessTruly amazing
Jeremiasz Pluta
This course is amazing and should be strongly recommended for anyone, that wants to take a step into the world of red teaming. It presents the matters of red...
Read MoreThis course is amazing and should be strongly recommended for anyone, that wants to take a step into the world of red teaming. It presents the matters of red teaming in simple, understanding way. Everyone who's relatively familiar with penetration testing can learn many new techniques and begin to feel confident in area of red teaming.
Read LessGreat Intro!
STEPHEN HARUNA
This is a must for every offensive security person.
This is a must for every offensive security person.
Read LessA must have certificate.
Perry Daniel Junior Ofori
I have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having having someone...
Read MoreI have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having having someone structure it as a guide with accompanying labs makes knowledge acquisition faster.
Read LessThis course is gold
Roberto La Piana
This course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already usi...
Read MoreThis course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already using this knowledge on engagements and I'm just half-way through. Although CobaltStrike heavy, all concepts, commands and tools can be used/applied to scenarios where CobltStrike is not a thing with very little modification. I do recommend some base knowledge before enrolling, but that goes without saying. Well done ZeroPointSecurity
Read Less