RTO II is a continuation (not a replacement) of Red Team Ops and aims to build on its foundation.  The primary focus of this course is to provide more advanced OPSEC tactics and defence bypass strategies.

Students will:

Learn how to build secure and resilient on-premise C2 infrastructure, using public cloud redirectors and HTTPS.

Go deeper into C++ and C# programming with Windows APIs, leading into writing custom tooling for a variety of offensive actions including process injection, PPID spoofing, and command line spoofing.

Learn how to clean up memory indicators of Cobalt Strike's Beacon, and leverage in-memory obfuscation to bypass some memory scanning techniques.

Employ strategies for enumerating, identifying, and exploiting weaknesses in Attack Surface Reduction and Windows Defender Application Control technologies.

Bypass AV and EDR agents by circumventing ETW, userland hooking, and kernel callbacks.

Course Curriculum

    1. Defence in Depth

    2. Infrastructure Design

    3. Apache Installation

    4. SSL Certificates

    5. Beacon Certificates

    6. SSH Tunnel

    7. Enabling Apache Redirection

    8. User Agent Rules

    9. Cookie Rules

    10. URI & Query Rules

    11. Beacon Staging

    12. Redirecting DNS

    13. Payload Guardrails

    14. External C2

    1. WinAPI

    2. MessageBox in C++

    3. CreateProcess in C++

    4. P/Invoke

    5. MessageBox in C#

    6. Type Marshalling

    7. CreateProcess in C#

    8. Error Handling

    9. NT APIs

    10. Ordinals

    11. MessageBox in VBA

    12. CreateProcess in VBA

    13. D/Invoke

    14. D/Invoke & Ordinals

    15. D/Invoke API Hashing

    1. Process Injection

    2. Downloading Files in C++

    3. Downloading Files in C#

    4. Function Delegate C++

    5. Function Delegate C#

    6. CreateThread C++

    7. CreateThread C#

    8. CreateRemoteThread

    9. QueueUserAPC

    10. NtMapViewOfSection

    1. Post-Exploitation Behaviours & Memory Indicators

    2. Memory Permissions & Cleanup

    3. BOF Memory Allocations

    4. Fork and Run Memory Allocations

    5. SpawnTo

    6. Process Inject Kit

    7. PPID Spoofing

    8. Command Line Argument Spoofing

    9. SMB Named Pipes Names

    10. Event Tracing for Windows

    11. Inline (.NET) Execution

    12. Tool Signatures

    1. Attack Surface Reduction

    2. Enumerating Enabled Rules

    3. MS Office Rules

    4. Reversing ASR Exclusions

    5. GadgetToJScript

    6. Process Creations from PSExec & WMI

    7. Credential Stealing from LSASS

About this course

  • £399.00
  • 84 lessons
  • 0 hours of video content


  • What prerequisite knowledge do I need?

    Students should be comfortable writing C++ and C#.

  • Should I complete RTO before attempting RTO II?

    Although not mandatory, it is recommended. You'll probably be fine if you're already familiar with everything covered in the RTO curriculum.

Student Reviews

5 star rating

Excellent as always

Federico Lagrasta

The course is great and full of useful information from a well-known veteran ;)

The course is great and full of useful information from a well-known veteran ;)

Read Less
5 star rating


Hassan AlMusajjen

Really amazing course well done (Y)

Really amazing course well done (Y)

Read Less
5 star rating


D. G.

Excellent highly recommend for learning latest adversary tradecraft.

Excellent highly recommend for learning latest adversary tradecraft.

Read Less
5 star rating

Best Course avai

Mike Miles



Read Less
5 star rating


Vasileios Chantzaras

Great context flow!

Great context flow!

Read Less

Price Options

Purchase the course by itself or with included lab time. Each option comes with a free exam attempt.