Red Team Ops

Adversary Simulation and Red Team Operations.

Red Team Ops is an online, self-study course that teaches the basic principles, tools and techniques synonymous with red teaming.

Students will first cover the core concepts of adversary simulation, command & control, engagement planning and reporting.

They will then go through each stage of the attack lifecycle - from initial compromise to full domain takeover, data hunting and exfiltration. Students will learn how common "OPSEC failures" can lead to detection by defenders, and how to carry out those attacks in a stealthier way.

Finally, they will learn how to bypass defences such as Windows Defender, AMSI and AppLocker.

Course Curriculum

1. Course Introduction
  FREE PREVIEW
2. What is Red Teaming?
  FREE PREVIEW
3. What is OPSEC?
4. Primum non nocere?
5. Attack Lifecycle
6. Engagement Planning
7. Post-Engagement & Reporting
1. Red Team Ops Lab
2. Cobalt Strike
3. Starting the Team Server
  FREE PREVIEW
4. Starting the Team Server Demo
  FREE PREVIEW
5. Listener Management
6. Listener Management Demo
7. Generating Payloads
8. Interacting with Beacon
9. Interacting with Beacon Demo
10. Pivot Listeners
11. Pivot Listeners Demo
12. Running as a Service
13. Running as a Service Demo
1. External Reconnaissance
2. DNS Records
3. Google Dorks
4. Social Media
1. Initial Compromise
2. Password Spraying
3. Password Spraying Demo
4. Internal Phishing
5. Initial Access Payloads
6. Visual Basic for Applications (VBA) Macros
7. VBA Macro Demo
8. Remote Template Injection
9. Remote Template Injection Demo
10. HTML Smuggling
1. Host Reconnaissance
2. Processes
3. Seatbelt
4. Screenshots
5. Keylogger
6. Clipboard
7. User Sessions
1. Host Persistence
2. Task Scheduler
3. Startup Folder
4. Registry AutoRun
5. Hunting for COM Hijacks
1. Host Privilege Escalation
2. Windows Services
3. Unquoted Service Paths
  FREE PREVIEW
4. Weak Service Permissions
5. Weak Service Binary Permissions
6. UAC Bypasses
1. Elevated Host Persistence
2. Windows Services
3. WMI Event Subscriptions
1. Obtaining Credential Material
2. Beacon + Mimikatz
  FREE PREVIEW
3. NTLM Hashes
4. Kerberos Encryption Keys
5. Security Account Manager
6. Domain Cached Credentials
7. Extracting Kerberos Tickets
8. DCSync
1. Password Cracking Tips & Tricks
2. Wordlists
3. Wordlist + Rules
4. Masks
5. Mask Length & Mask Files
6. Combinator
7. Hybrid
8. kwprocessor
1. Domain Recon
2. PowerView
3. SharpView
4. ADSearch
1. User Impersonation
2. Pass the Hash
3. Pass the Ticket
4. Overpass the Hash
  FREE PREVIEW
5. Token Impersonation
6. Token Store
7. Make Token
8. Process Injection
1. Lateral Movement
2. Windows Remote Management
  FREE PREVIEW
3. PsExec
4. Windows Management Instrumentation (WMI)
5. The Curious Case of CoInitializeSecurity
6. DCOM
1. Session Passing
2. Beacon Passing
3. Foreign Listener
  FREE PREVIEW
4. Spawn & Inject
1. Data Protection API
2. Credential Manager
  FREE PREVIEW
3. Scheduled Task Credentials
1. Kerberos
2. Kerberoasting
3. ASREP Roasting
4. Unconstrained Delegation
5. Unconstrained Delegation Demo
6. Constrained Delegation
7. Constrained Delegation Demo
8. Alternate Service Name
9. S4U2Self Abuse
  FREE PREVIEW
10. S4U2Self Demo
  FREE PREVIEW
11. Resource-Based Constrained Delegation
12. RBCD Demo
13. Shadow Credentials
14. Kerberos Relay Attacks
1. SOCKS Proxies
2. Linux Tools
3. Proxychains Demo
4. Windows Tools
  FREE PREVIEW
5. Proxifier Demo
  FREE PREVIEW
6. Pivoting with Kerberos
7. Browsers
8. Reverse Port Forwards
9. NTLM Relaying
10. NTLM Relaying Demo
11. Relaying WebDAV
1. Active Directory Certificate Services
2. Finding Certificate Authorities
3. Misconfigured Certificate Templates
  FREE PREVIEW
4. Vulnerable User Template Demo
  FREE PREVIEW
5. NTLM Relaying to ADCS HTTP Endpoints
6. User & Computer Persistence
1. Abusing Group Policy
2. Modify Existing GPO
  FREE PREVIEW
3. Create & Link a GPO
1. MS SQL Servers
2. MS SQL Impersonation
  FREE PREVIEW
3. MS SQL Command Execution
4. MS SQL Command Exection Demo
5. MS SQL Lateral Movement
6. MS SQL Lateral Movement Demo
7. MS SQL Privilege Escalation
8. MS SQL Privilege Escalation Demo
1. Configuration Manager
2. Enumeration
  FREE PREVIEW
3. Network Access Account Credentials
4. Lateral Movement
1. Domain Dominance
2. Silver Tickets
3. Golden Tickets
4. Diamond Tickets
  FREE PREVIEW
5. Forged Certificates
1. Forest & Domain Trusts
2. Parent/Child
  FREE PREVIEW
3. One-Way Inbound
4. One-Way Outbound
1. Local Administrator Password Solution
2. Reading ms-Mcs-AdmPwd
  FREE PREVIEW
3. Password Expiration Protection
4. LAPS Backdoors
1. Microsoft Defender Antivirus
2. Artifact Kit
  FREE PREVIEW
3. Artifact Kit Demo
  FREE PREVIEW
4. Malleable C2
5. Resource Kit
6. AMSI vs Post-Exploitation
7. Manual AMSI Bypasses
8. Behavioural Detections
9. Parent/Child Relationships
10. Command Line Detections
1. AppLocker
2. Policy Enumeration
  FREE PREVIEW
3. Writeable Paths
4. Living Off The Land Binaries, Scripts and Libraries
5. PowerShell CLM
6. Beacon DLL
1. Data Hunting & Exfiltration
2. File Shares
3. Databases
  FREE PREVIEW
1. Extending Cobalt Strike
2. Mimikatz Kit
3. Jump & Remote-Exec
4. Beacon Object Files
  FREE PREVIEW
5. Malleable Command & Control
1. Enabling Windows Defender

About this course

£365.00
180 lessons
2 hours of video content

FAQ

What prerequisite knowledge do I need?

Students should have a good working knowledge of Windows and Active Directory environments. Prior penetrating testing experience would be a bonus. Familiarity with C, C# and PowerShell would also be advantageous but not essential.
Is lab access included with the course?

You can purchase lab time with the course - see the pricing options below.
Does the lab have usage limits?

Yes, you are limited in the total number of hours that you can run the lab for. These are 40/80/120hours for the 30/60/90 day options respectively.
What if I don't use all the hours?

As a rule of thumb, any unused hours are lost. Cases that involve 'damnum fatale' are assessed on a case-by-case basis.
What if I hit the usage cap before my lab expires?

Contact [email protected] to discuss your options.
Can I choose my lab start time?

No, lab access starts at the time of purchase.
I left my lab running, can I have my hours back?

Managing your runtime is your responsibility and we cannot reimburse you for hours lost by forgetting to shut the lab down.
Does the course include an exam attempt?

Yes - you get 1 free exam attempt when you purchase the course. The voucher does not have an expiry date.
Can I take the exam without buying the course?

Yes - just pay the fee and schedule the exam from the booking page.

Student Reviews

Beyond Expectations - 5 Stars

Eric Osinski

Zero Point Security's RTO course content went above and beyond my expectations. The course modules are well designed, organized and informative. Additionally...

Zero Point Security's RTO course content went above and beyond my expectations. The course modules are well designed, organized and informative. Additionally, the lab environment acts as a fantastic tool to practice the techniques that you're learning alongside the modules. The fact that the course content is updated frequently and is available indefinitely provides great value to enrollees. Overall, I highly recommend this course to those looking to solidify their foundational knowledge of red team methodology and testing through command and control.

Read Less

Amazing value course

Konstantin Karabadzhakov

After finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, active director...

After finishing the OSEP and immediately jumping into the CRTO, I can certainly say I learned even more in regards to enumeration of domains, active directory, lateral movement, etc. The addition of cobalt strike and touching on Splunk and detections is of incredible value ! I can only say I highly recommend to course !

Read Less

Truly amazing

Jeremiasz Pluta

This course is amazing and should be strongly recommended for anyone, that wants to take a step into the world of red teaming. It presents the matters of red...

This course is amazing and should be strongly recommended for anyone, that wants to take a step into the world of red teaming. It presents the matters of red teaming in simple, understanding way. Everyone who's relatively familiar with penetration testing can learn many new techniques and begin to feel confident in area of red teaming.

Read Less

Great Intro!

STEPHEN HARUNA

This is a must for every offensive security person.

Read Less

A must have certificate.

Perry Daniel Junior Ofori

I have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having having someone...

I have gained in two months what it would have taken me a year to learn. The TTP and knowledge in this course is publicly available but having having someone structure it as a guide with accompanying labs makes knowledge acquisition faster.

Read Less

This course is gold

Roberto La Piana

This course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already usi...

This course is gold if you're ready to get better at Active Directory, and level up your skills. Really quality material, and well explained. I'm already using this knowledge on engagements and I'm just half-way through. Although CobaltStrike heavy, all concepts, commands and tools can be used/applied to scenarios where CobltStrike is not a thing with very little modification. I do recommend some base knowledge before enrolling, but that goes without saying. Well done ZeroPointSecurity

Read Less

Price Options

Purchase the course by itself or with included lab time. Each option comes with a free exam attempt.

£365.00

Course only

Buy Now
£405.00

Course + 30 Days Lab

Buy Now
£445.00

Course + 60 Days Lab

Buy Now
£485.00

Course + 90 Days Lab

Buy Now

Getting Started

Command & Control

External Reconnaissance

Initial Compromise

Host Reconnaissance

Host Persistence

Host Privilege Escalation

Host Persistence (Reprised)

Credential Theft

Password Cracking Tips & Tricks

Domain Reconnaissance

User Impersonation

Lateral Movement

Session Passing

Data Protection API

Kerberos

Pivoting

Active Directory Certificate Services

Group Policy

MS SQL Servers

Microsoft Configuration Manager

Domain Dominance

Forest & Domain Trusts

Local Administrator Password Solution

Microsoft Defender Antivirus

Application Whitelisting

Data Hunting & Exfiltration

Extending Cobalt Strike

Exam Preparation

About this course

£365.00

£405.00

£445.00

£485.00