Red Team Ops
Adversary Simulation & Red Team Operations.
Red Team Ops is an online course that teaches the basic principles, tools and techniques that are synonymous with red teaming.
Students will first cover the core concepts of adversary simulation, command & control, and how to plan an engagement. They will then learn about each stage of the attack lifecycle from initial compromise to full domain takeover, data hunting, and data exfiltration. Students will also take various OPSEC concerns into account and learn how to bypass defences such as Windows Defender, AMSI and AppLocker. Finally, they will cover reporting and post-engagement activities.
Students have the option to purchase the course by itself or with lab access. A free exam attempt is included with each option.
What is Red Teaming?
What is OPSEC?
Phases of an Engagement
Planning & Client Engagement
Scoping
Threat Model
Breach Model
Notifications & Announcements
Rules of Engagement
Record Keeping & Deconfliction
Data Handling
Duration
Costs
Command & Control
Red Team Ops Lab
Cobalt Strike
Starting the Team Server
Listener Management
Generating Payloads
Interacting with Beacon
Miscellany Tips & Tricks
Cobalt Strike Demo
External Reconnaissance
DNS Records
Social Media
Initial Compromise
Password Spraying
Internal Phishing
HTML Application (HTA)
Visual Basic for Applications (VBA) Macros
Parent-Child Relationships
Building Alerts in Kibana
Initial Compromise Demo
Host Reconnaissance
Seatbelt
Screenshots
Keylogger
Host Persistence
Task Scheduler
Startup Folder
Registry AutoRun
COM Hijacking
Hunting for COM Hijacks
Host Privilege Escalation
Web Proxies
Peer-to-Peer Listeners
Peer-to-Peer Listener Demo
Windows Services
Unquoted Service Paths
Unquoted Service Path Demo
Weak Service Permissions
Weak Service Permission Demo
Weak Service Binary Permissions
Weak Service Binary Permission Demo
Always Install Elevated
Always Install Elevated Demo
UAC Bypasses
UAC Bypass Demo
Domain Reconnaissance
PowerView
Get-Domain
Get-DomainController
Get-ForestDomain
Get-DomainPolicyData
Get-DomainUser
Get-DomainComputer
Get-DomainOU
Get-DomainGroup
Get-DomainGroupMember
Get-DomainGPO
Get-DomainGPOLocalGroup
Get-DomainGPOUserLocalGroupMapping
Find-DomainUserLocation
Get-NetSession
Get-DomainTrust
SharpView
ADSearch
BloodHound
Lateral Movement
PowerShell Remoting
PsExec
Windows Management Instrumentation (WMI)
The Curious Case of CoInitializeSecurity
DCOM
Credentials & User Impersonation
LogonPasswords
eKeys
Security Account Manager
Domain Cached Credentials
Make Token
Process Injection
Token Impersonation
SpawnAs
Pass the Hash
Overpass the Hash
Extracting Kerberos Tickets
Password Cracking Tips & Tricks
Wordlists
Wordlist + Rules
Masks
Mask Length & Mask Files
Combinator
Hybrid
kwprocessor
Session Passing
Session Passing Demo
SOCKS Proxies
Windows Apps
Browsers
Metasploit
SOCKS Proxy Demo
Reverse Port Forwards
NTLM Relaying
NTLM Relaying Demo
Data Protection API
Credential Manager
Google Chrome
Credential Manager Demo
Kerberos
Kerberoasting
AS-REP Roasting
Unconstrained Delegation
Unconstrained Delegation Demo
The "Printer Bug"
Printer Bug Demo
Constrained Delegation
Constrained Delegation Demo
Alternate Service Name
Alternate Service Name Demo
S4U2self Abuse
S4U2self Demo
Linux Credential Cache
Linux Credential Cache Demo
Active Directory Certificate Services
Finding Certificate Authorities
Misconfigured Certificate Templates
Vulnerable User Template Demo
NTLM Relaying to ADCS HTTP Endpoints
ADCS NTLM Relay Demo
User & Computer Persistence
AD CS Auditing
Group Policy
Pivot Listeners
Pivot Listener Demo
Remote Server Administration Tools (RSAT)
RSAT Demo
SharpGPOAbuse
SharpGPOAbuse Demo
Discretionary Access Control Lists
Reset User Password
Targeted Kerberoasting
Targeted ASREPRoasting
Modify Domain Group Membership
MS SQL Servers
MS SQL NetNTLM Capture
MS SQL Command Execution
MS SQL Command Exec Demo
MS SQL Lateral Movement
MS SQL Lateral Movement Demo
MS SQL Privilege Escalation
MS SQL Privilege Escalation Demo
Domain Dominance
DCSync Backdoor
AdminSDHolder Backdoor
Remote Registry Backdoor
Skeleton Key
Silver Tickets
Golden Tickets
Forged Certificates
Forest & Domain Trusts
Parent/Child
One-Way (Inbound)
One-Way (Outbound)
Outbound Trust Demo
Local Administrator Password Solution
LAPS Persistence
LAPS Backdoors
Bypassing Antivirus
Artifact Kit
Artifact Kit Demo
Resource Kit
Resource Kit Demo
AmsiScanBuffer
Exclusions
AppLocker
AppLocker Rule Bypasses
PowerShell Constrained Language Mode
Data Hunting & Exfiltration
File Shares
Internal Web Apps
Databases
Post-Engagement & Reporting
Attack Narrative
Recommendations
Indicators of Compromise
Extending Cobalt Strike
Elevate Kit
Jump & Remote-Exec
Beacon Object Files
Malleable Command & Control
After finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, Active Directory, lateral movement, etc. The addition of Cobalt Strike and touching on Splunk and detections is of incredible value! I can only say I highly recommend the course!
This course is amazing and should be strongly recommended for anyone that wants to take a step into the world of red teaming. It presents the matters of red teaming in a simple, understandable way. Everyone who's relatively familiar with penetration testing can learn many new techniques and begin to feel confident in the area of red teaming.
This is a must for every offensive security person.
I have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having someone structure it as a guide with accompanying labs makes knowledge acquisition faster.
This course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already using this knowledge on engagements and I'm just half-way through. Although CobaltStrike heavy, all concepts, commands and tools can be used/applied to scenarios where CobaltStrike is not a thing with very little modification. I do recommend some base knowledge before enrolling, but that goes without saying. Well done ZeroPointSecurity.