Red Team Techniques

Learning Resources

Learn more by checking out these great sites.

Adversary Tactics: PowerShell

learning-resource

Course material for SpecterOps' "Adversary Tactics: PowerShell" course (which is no longer running). The course covers PowerShell Basics, PowerShell Remoting, PowerShell Without PowerShell, WMI, Active Directory, Reflection, Low-level Win32 Interop, PowerShell Prevention (Implementation, Auditing, and Bypasses), and PowerShell Detection (Implementation, Auditing, and Bypasses).

Exploits 2: Exploitation in the Windows Environment

learning-resource

This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved in exploiting these vulnerabilities on Windows. Windows exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP make leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many of the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation-based fuzzing, and then developing exploits that target those bugs.

Hacking Techniques and Intrusion Detection

learning-resource

This course covers the most common methods used in computer and network hacking, with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network- and application-level attacks, and denial-of-service attacks. During the course students will complete many hands-on exercises.

Introduction To Software Exploits

learning-resource

Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. Specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, and defeating non-executable stack protection.

Introduction To Vulnerability Assessment

learning-resource

This is a lecture- and lab-based class giving an introduction to vulnerability assessment of some common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.

Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration

learning-resource

Intel processors have been a major force in personal computing for more than 30 years. An understanding of the low-level computing mechanisms used in Intel chips, as taught in this course, serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of the Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of the time will be spent learning Linux tools for analysis.

Microcorruption - Embedded Security CTF

learning-resource

You've been given access to a device that controls a lock. Your job: defeat the lock by exploiting bugs in the device's code. You're playing "Capture The Flag". You collect points for each level you beat, working your way through steadily more complicated vulnerabilities. Most levels showcase a single kind of real-world software flaw; some levels chain a series of them together. This device has a simple input: you provide a passcode, and if the passcode is correct, the lock unlocks. Just one problem: you don't know the passcode. Unlock it anyway. You'll use the debugger to reverse-engineer the code for each level. You can provide the device with input, then step through the code, watching what the device does with that input. You're looking for a specific input that unlocks the device. Maybe that input is the correct pas

Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

learning-resource

This course looks at web users from a few different perspectives. First, we look at identification techniques for determining web user identities from a server perspective. Second, we look at obfuscation techniques from the perspective of a user who seeks to be anonymous. Finally, we look at forensic techniques which, given a hard drive or similar media, identify the users who accessed that server.

Video Playlist: Exploitation in the Windows Environment

learning-resource

A YouTube playlist of the OpenSecurityTraining.info 'Exploitation in the Windows Environment' course being delivered. This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved in exploiting these vulnerabilities on Windows. Windows exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP make leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many of the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation-based fuzzing, and then developing exploits that target those bugs.

Video Playlist: Introduction To Software Exploits

learning-resource

A YouTube playlist of the OpenSecurityTraining.info 'Introduction To Software Exploits' course being delivered. Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. Specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, and defeating non-executable stack protection.

Video Playlist: Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration

learning-resource

A YouTube playlist of the OpenSecurityTraining.info 'Introductory Intel x86' course being delivered. Intel processors have been a major force in personal computing for more than 30 years. An understanding of the low-level computing mechanisms used in Intel chips, as taught in this course, serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of the Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of the time will be spent learning Linux tools for analysis.

Video Playlist: Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

learning-resource

A YouTube playlist of the OpenSecurityTraining.info 'Web User Identity' course being delivered. This course looks at web users from a few different perspectives. First, we look at identification techniques for determining web user identities from a server perspective. Second, we look at obfuscation techniques from the perspective of a user who seeks to be anonymous. Finally, we look at forensic techniques which, given a hard drive or similar media, identify the users who accessed that server.

Wargame: Behemoth

learning-resource

This wargame deals with a lot of regular vulnerabilities commonly found 'out in the wild'. While the game makes no attempt at emulating a real environment, it will teach you how to exploit several of the most common coding mistakes, including buffer overflows, race conditions and privilege escalation.

Wargame: Manpage (OverTheWire)

learning-resource

This game is about breaking some common Linux C-programming misconceptions. A good tactic when beginning to audit code for the first time is to read the manpages for pitfalls and unusual behavior. Many of these levels were inspired by the famous work of Ilja.

Wargame: Maze (OverTheWire)

learning-resource

A series of hands-on challenges to learn more about exploitation of common security vulnerabilities. From the author: you'll need knowledge of exploitation techniques, programming (of course) and reverse engineering. We've tried to make the levels tricky and some of them strange, so get ready to use gdb.

Wargame: Narnia

learning-resource

This wargame is for those who want to learn basic exploitation. You can see the most common bugs in this game, and we've tried to make them easy to exploit. You'll get the source code of each level to make it easier for you to spot the vuln and abuse it. The difficulty of the game is somewhere between Leviathan and Behemoth, but some of the levels could be quite tricky.

Wargame: Utumno

learning-resource

A series of hands-on challenges to learn more about exploitation of common security vulnerabilities. This is a regular wargame composed of 10 different levels. It's slightly harder than the previous wargames in the same genre. Actually, it's a lot harder than Leviathan and a bit harder than Behemoth, so if you haven't beaten those two you will probably want to do that first.

Wargame: Vortex (OverTheWire)

learning-resource

A series of hands-on challenges to learn more about exploitation of common security vulnerabilities. This wargame from OverTheWire has 27 levels which cover topics such as bit manipulation, writing shellcode, cryptanalysis and much, much more!

pwnable.kr wargame

learning-resource

'pwnable.kr' is a non-commercial wargame site which provides various 'pwn' challenges regarding system exploitation. The main purpose of pwnable.kr is 'fun'. You can consider each of the challenges as a game. The site has over 50 challenges of varying difficulty to help you learn new skills and test them out.