EXPERT

Red Team Operations

Full-scope adversary simulation. Covert C2 infrastructure, physical breaches, and AD forest compromise.

Your Progress

0%

Syllabus

1

Red Team Operations

2

Command and Control (C2) Infrastructure

3

Active Directory Forest Compromise

4

Physical Security Bypass

5

Zero-Day Exploit Development

6

Red Team Engagement Planning

7

Threat Intelligence Led Operations

8

OPSEC (Operational Security) for Red Teams

9

Setting up Covert C2 Infrastructure

10

Domain Fronting and Redirectors

11

Cobalt Strike: Advanced Profiles

12

Mythic C2 Framework Deployment

13

Living off the Land Binaries (LOLBins)

14

Windows API Hooking and Unhooking

15

Direct Syscalls in C/C++

16

Process Injection: Process Hollowing

17

Process Injection: APC Injection

18

Evading EDR User-Land Hooks

19

Evading EDR Kernel Callbacks

20

Active Directory Forest Trusts and Compromise

21

Forging Inter-Realm Trust Tickets

22

Exchange Server Exploitation

23

Microsoft SCCM Attacks

24

Kerberos Unconstrained Delegation Abuse

25

Kerberos Constrained Delegation Abuse

26

Resource-Based Constrained Delegation (RBCD)

27

Bypassing Windows Defender Credential Guard

28

Dumping LSASS Safely

29

NTLM Relay to AD CS (PetitPotam)

30

Active Directory Certificate Services (AD CS) ESC1-ESC8

31

Azure AD Seamless SSO Exploitation

32

Compromising Azure Key Vaults

33

AWS AssumeRole Privilege Escalation

34

GCP Service Account Hijacking

35

Physical Penetration Testing Techniques

36

Lockpicking and Bypass Tools

37

RFID/HID Badge Cloning (Proxmark3)

38

Social Engineering: Pretexting

39

Social Engineering: Spear Phishing Campaigns

40

Dropping Hardware Implants (Raspberry Pi/Hak5)

41

Air-Gapped Network Compromise

42

Zero-Day Vulnerability Research

43

Fuzzing Browsers (V8/SpiderMonkey)

44

Kernel Fuzzing with Syzkaller

45

Patch Diffing with Bindiff

46

Exploiting Use-After-Free (UAF) Vulnerabilities

47

Heap Grooming and Feng Shui

48

Bypassing Control Flow Guard (CFG)

49

Bypassing Pointer Authentication (PAC) on ARM

50

Supply Chain Attacks

51

Compromising CI/CD Pipelines (Jenkins/GitLab)

52

Malware Development: Rootkits

53

Bootkits and UEFI Exploitation

54

Post-Engagement Cleanup and Reporting

55

Defending the Crown Jewels (Blue Team Perspectives)