Red Team Techniques
Subject Area
Learning Resources
Learn more by checking out these great sites.
Adversary Tactics: PowerShell
learning-resource
Course material for Specter Ops' "Adversary Tactics: PowerShell" course (which is no longer running). The course covers PowerShell Basics, PowerShell Remoting, PowerShell Without PowerShell, WMI, Active Directory, Reflection, Low-level Win32 Interop, PowerShell Prevention (Implementation, Auditing, and Bypasses), PowerShell Detection (Implementation, Auditing, and Bypasses).
Visit WebsiteExploits 2: Exploitation in the Windows Environment
learning-resource
This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often times allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Window's exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP, makes leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation based fuzzing, and then developing exploits that target those bugs.
Visit WebsiteHacking Techniques and Intrusion Detection
learning-resource
This course covers the most common methods used in computer and network hacking with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network and application level attacks, and denial of service attacks. During the course students will complete many hands on exercises.
Visit WebsiteIntroduction To Software Exploits
learning-resource
Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.
Visit WebsiteIntroduction To Vulnerability Assessment
learning-resource
This is a lecture and lab based class giving an introduction to vulnerability assessment of some common common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.
Visit WebsiteIntroductory Intel x86: Architecture, Assembly, Applications, & Alliteration
learning-resource
Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.
Visit WebsiteMicrocorruption - Embedded Security CTF
learning-resource
You've been given access to a device that controls a lock. Your job: defeat the lock by exploiting bugs in the device's code. You're playing "Capture The Flag". You collect points for each level you beat, working your way through steadily more complicated vulnerabilities. Most levels showcase a single kind of real-world software flaw; some levels chain a series of them together. This device has a simple input: you provide a passcode, and if the passcode is correct, the lock unlocks. Just one problem: you don't know the passcode. Unlock it anyways. You'll use the debugger to reverse-engineer the code for each level. You can provide the device with input, then step through the code watching what the device does what that input. You're looking for a specific input that unlocks the device. Maybe that input is the correct pas
Visit WebsiteOffensive, Defensive, and Forensic Techniques for Determining Web User Identity
learning-resource
This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user whom seeks to be anonymous. Finally, we look at forensic techniques, which, when given a hard drive or similar media, we identify users who accessed that server.
Visit WebsiteVideo Playlist: Exploitation in the Windows Environment
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Exploitation in the Windows Environment' course being delivered. This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often times allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Window's exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP, makes leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation based fuzzing, and then developing exploits that target those bugs.
Visit WebsiteVideo Playlist: Introduction To Software Exploits
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introduction To Software Exploits' course being delivered. Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.
Visit WebsiteVideo Playlist: Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introductory Intel x86' course being delivered. Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.
Visit WebsiteVideo Playlist: Offensive, Defensive, and Forensic Techniques for Determining Web User Identity
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Web User Identity' course being delivered. This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user whom seeks to be anonymous. Finally, we look at forensic techniques, which, when given a hard drive or similar media, we identify users who accessed that server.
Visit WebsiteWargame: Behemoth
learning-resource
This wargame deals with a lot of regular vulnerabilities found commonly 'out in the wild'. While the game makes no attempts at emulating a real environment it will teach you how to exploit several of the most common coding mistakes including buffer overflows, race conditions and privilege escalation.
Visit WebsiteWargame: Manpage (OverTheWire)
learning-resource
This game is about breaking some common linux c-programming misconceptions. A good tactic when beginning to audit code for the first time is to read the manpages for pitfalls and unusual behavior. Many of these levels were inspired by the famous work of Ilja.
Visit WebsiteWargame: Maze (OverTheWire)
learning-resource
A series of hands of challenges to learn more about exploitation of common security vulnerabilities. From the author: you'll need knowledge of exploitation-techniques, programming (of course) and reverse- engineering. We've tried to make the levels tricky and some of them strange, so get ready to use gdb.
Visit WebsiteWargame: Narnia
learning-resource
This wargame is for the ones that want to learn basic exploitation. You can see the most common bugs in this game and we've tried to make them easy to exploit. You'll get the source code of each level to make it easier for you to spot the vuln and abuse it. The difficulty of the game is somewhere between Leviathan and Behemoth, but some of the levels could be quite tricky.
Visit WebsiteWargame: Utumno
learning-resource
A series of hands of challenges to learn more about exploitation of common security vulnerabilities. This is a regular wargame composed of 10 different levels. It's slightly harder than the previous wargames in the same genre. Actually, it's a lot harder than Leviathan and a bit harder than Behemoth so if you haven't beaten those two you will probably want to do that first.
Visit WebsiteWargame: Vortex (OverTheWire)
learning-resource
A series of hands of challenges to learn more about exploitation of common security vulnerabilities. This wargame from OverTheWire has 27 levels which cover topics such as: bit manipulation, writing shell code, crypt analysis and much much more!
Visit Websitepwnable.kr wargame
learning-resource
'pwnable.kr' is a non-commercial wargame site which provides various 'pwn' challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'. You can consider each of the challenges as a game. The site has over 50 challenges of varying difficulties to help you learn new skills and test them out.
Visit Website