Red Team Pack Course


Course length: 90 hours

Course description

The Red Team course takes a multi-faceted approach to examining the weaknesses of different businesses using advanced intrusion techniques. Because vulnerabilities and threats vary widely, and some of them are logical and hidden, a simple penetration test cannot meet an organization's needs. The red team's job is to examine different techniques and to challenge all of a business's important digital processes.

In the Red Team course, participants become familiar with the stages and methods a red team uses to carry out its tests. These stages include social engineering, information gathering, gaining access, maintaining access, bypassing security mechanisms, compromising the directory service, and many others.

Course audience

  • Infrastructure assessment and penetration testing specialists
  • Red team specialists
  • Blue team specialists

Course syllabus

  1. Red Team Fundamentals
  • Red Team Fundamentals : Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements
  • Red Team Engagements : Learn the steps and procedures of a red team engagement, including planning, frameworks, and documentation
  • Red Team Threat Intel : Apply threat intelligence to red team engagements and adversary emulation
  • Red Team OPSEC : Learn how to apply Operations Security (OPSEC) process for Red Teams
  2. Vulnerability Research
  • Introduction
  • Introduction to Vulnerabilities
  • Scoring Vulnerabilities (CVSS & VPR)
  • Vulnerability Databases
  • Automated Vs. Manual Vulnerability Research
  • Finding Manual Exploits
  • Example of Manual Exploitation
  3. Initial Access
  • Red Team Recon : Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target
  • Weaponization : Understand and explore common red teaming weaponization techniques. You will learn to build custom payloads using common methods seen in the industry to get initial access
  • Password Attacks : This room introduces the fundamental techniques to perform a successful password attack against various services and scenarios
  • Phishing : Learn what phishing is and why it’s important to a red team engagement. You will set up phishing infrastructure, write a convincing phishing email and try to trick your target into opening your email in a real-world simulation

  4. Post Compromise
  • The Lay of the Land : Learn about and get hands-on with common technologies and security products used in corporate environments; both host and network-based security solutions are covered
  • Enumeration : This room is an introduction to enumeration when approaching an unknown corporate environment
  • Windows Privilege Escalation : Learn the fundamentals of Windows privilege escalation techniques
  • Windows Local Persistence : Learn the most common persistence techniques used on Windows machines
  • Lateral Movement and Pivoting : Learn about common techniques used to move laterally across a Windows network
  • Data Exfiltration : An introduction to Data Exfiltration and Tunneling techniques over various protocols

  5. Host Evasions
  • Windows Internals : Learn and understand the fundamentals of how Windows operates at its core
  • Introduction to Windows API : Learn how to interact with the win32 API and understand its wide range of use cases
  • Abusing Windows Internals : Leverage windows internals components to evade common detection solutions, using modern tool-agnostic approaches
  • Introduction to Antivirus : Understand how antivirus software works and what detection techniques are used to bypass malicious file checks
  • AV Evasion: Shellcode : Learn shellcode encoding, packing, binders, and crypters
  • Obfuscation Principles : Leverage tool-agnostic software obfuscation practices to hide malicious functions and create unique code
  • Signature Evasion : Learn how to break signatures and evade common AV, using modern tool-agnostic approaches
  • Bypassing UAC : Learn common ways to bypass User Account Control (UAC) in Windows hosts
  • Runtime Detection Evasion : Learn how to bypass common runtime detection measures, such as AMSI, using modern tool-agnostic approaches
  • Evading Logging and Monitoring : Learn how to bypass common logging and system monitoring, such as ETW, using modern tool-agnostic approaches
  • Living Off the Land : Learn the essential concept of “Living Off the Land” in Red Team engagements.

  6. Network Security Evasion
  • Network Security Solutions : Learn about and experiment with various IDS/IPS evasion techniques, such as protocol and payload manipulation
  • Firewalls : Learn about and experiment with various firewall evasion techniques, such as port hopping and port tunneling
  • Sandbox Evasion : Learn about active defense mechanisms Blue Teamers can deploy to identify adversaries in their environment
  7. Compromising Active Directory
  • Active Directory Basics : This room will introduce the basic concepts and functionality provided by Active Directory.
  • Breaching Active Directory : This network covers techniques and tools that can be used to acquire that first set of AD credentials that can then be used to enumerate AD
  • Enumerating Active Directory : This room covers various Active Directory enumeration techniques, their use cases as well as drawbacks
  • Lateral Movement and Pivoting : Learn about common techniques used to move laterally across a Windows network
  • Exploiting Active Directory : Learn common AD exploitation techniques that can allow you to reach your goal in an AD environment
  • Persisting Active Directory : Learn about common Active Directory persistence techniques that can be used post-compromise to ensure the blue team will not be able to kick you out during a red team exercise
  • Credentials Harvesting : Apply current authentication models employed in modern environments to a red team approach

  8. OWASP Top 10
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entity
  • Broken Access Control
  • Security Misconfiguration
  • Cross-site Scripting
  • Insecure Deserialization
  • Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring

  9. Metasploit
  • Metasploit and Environment
  • Main Components of Metasploit
  • Msfconsole
  • Working with modules
  • Scanning
  • The Metasploit Database
  • Vulnerability Scanning
  • Bruteforcing SSH with Metasploit
  • Attacking Tomcat with Metasploit
  • Exploitation
  • Msfvenom
  • Windows payloads with MSFvenom
  • Meterpreter
  • Meterpreter Flavors

  10. Cobalt Strike
  • Cobalt Strike Operations
  • Cobalt Strike Infrastructure
  • Cobalt Strike C2
  • Cobalt Strike Weaponization
  • Cobalt Strike – Initial Access
  • Cobalt Strike – Post Exploitation
  • Cobalt Strike – Privilege Escalation
  • Cobalt Strike – Lateral Movement
  • Cobalt Strike – Pivoting

SEC565: Red Team Operations and Adversary Emulation

  1. Planning Adversary Emulation and Threat Intelligence
  • Advanced adversary emulation methods
  • Unified kill chain and attack mapping
  • AI-assisted CTI analysis and TTP extraction
  • Multi-factor bypass techniques
  • Social engineering and AI-generated pretexts

  2. Attack Infrastructure and Operational Security
  • Modern C2 infrastructure design
  • Advanced redirector methodologies
  • Third-party hosting strategies
  • OPSEC and infrastructure hardening
  • AI-Driven C2 Operations with Model Context Protocol (MCP)

  3. Getting In and Staying In
  • Sophisticated payload engineering
  • Defensive control bypass tactics
  • Network infiltration methodology
  • AI-assisted tool restoration and patching
  • Vibe coding custom evasion frameworks

  4. Active Directory Attacks and Lateral Movement
  • Domain trust exploitation chains
  • Authentication bypass techniques
  • Certificate service manipulation
  • Advanced delegation attacks
  • Enterprise network pivoting

  5. Obtaining the Objective and Reporting
  • Database exploitation techniques
  • Target system manipulation
  • Engagement analysis frameworks
  • Breach simulation deployment
  • Red team measurement protocols

  6. Immersive Red Team Capture-the-Flag
  • Enterprise adversary emulation
  • Cross-domain attack strategies
  • Credential theft and exploitation
  • Advanced C2 infrastructure
  • Comprehensive impact analysis
