Red Team Techniques
Learn all about Red Team Techniques with great learning resources from videos to articles to complete training courses.
Online Training
Adversary Tactics: PowerShell
Course material for Specter Ops' "Adversary Tactics: PowerShell" course (which is no longer running). The course covers PowerShell Basics, PowerShell Remoting, PowerShell Without PowerShell, WMI, Active Directory, Reflection, Low-level Win32 Interop, PowerShell Prevention (Implementation, Auditing, and Bypasses), PowerShell Detection (Implementation, Auditing, and Bypasses).
Microcorruption - Embedded Security CTF
You've been given access to a device that controls a lock. Your job: defeat the lock by exploiting bugs in the device's code. You're playing "Capture The Flag". You collect points for each level you beat, working your way through steadily more complicated vulnerabilities. Most levels showcase a single kind of real-world software flaw; some levels chain a series of them together. This device has a simple input: you provide a passcode, and if the passcode is correct, the lock unlocks. Just one problem: you don't know the passcode. Unlock it anyways. You'll use the debugger to reverse-engineer the code for each level. You can provide the device with input, then step through the code watching what the device does with that input. You're looking for a specific input that unlocks the device. Maybe that input is the correct pas
Exploits 2: Exploitation in the Windows Environment
This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Windows exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP make leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many of the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation-based fuzzing, and then developing exploits that target those bugs.
Hacking Techniques and Intrusion Detection
This course covers the most common methods used in computer and network hacking with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network and application-level attacks, and denial of service attacks. During the course students will complete many hands-on exercises.
Introduction To Software Exploits
Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. Specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.
Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
Intel processors have been a major force in personal computing for more than 30 years. An understanding of low-level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.
Offensive, Defensive, and Forensic Techniques for Determining Web User Identity
This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user who seeks to be anonymous. Finally, we look at forensic techniques which, given a hard drive or similar media, identify users who accessed that server.
Wargame: Behemoth
This wargame deals with a lot of regular vulnerabilities found commonly 'out in the wild'. While the game makes no attempts at emulating a real environment, it will teach you how to exploit several of the most common coding mistakes including buffer overflows, race conditions and privilege escalation.
Wargame: Manpage (OverTheWire)
This game is about breaking some common Linux C programming misconceptions. A good tactic when beginning to audit code for the first time is to read the manpages for pitfalls and unusual behavior. Many of these levels were inspired by the famous work of Ilja.
Wargame: Maze (OverTheWire)
A series of hands-on challenges to learn more about exploitation of common security vulnerabilities. From the author: you'll need knowledge of exploitation-techniques, programming (of course) and reverse-engineering. We've tried to make the levels tricky and some of them strange, so get ready to use gdb.
Wargame: Utumno
A series of hands-on challenges to learn more about exploitation of common security vulnerabilities. This is a regular wargame composed of 10 different levels. It's slightly harder than the previous wargames in the same genre. Actually, it's a lot harder than Leviathan and a bit harder than Behemoth, so if you haven't beaten those two you will probably want to do that first.
Wargame: Narnia
This wargame is for the ones that want to learn basic exploitation. You can see the most common bugs in this game and we've tried to make them easy to exploit. You'll get the source code of each level to make it easier for you to spot the vuln and abuse it. The difficulty of the game is somewhere between Leviathan and Behemoth, but some of the levels could be quite tricky.
Wargame: Vortex (OverTheWire)
A series of hands-on challenges to learn more about exploitation of common security vulnerabilities. This wargame from OverTheWire has 27 levels which cover topics such as: bit manipulation, writing shellcode, cryptanalysis and much, much more!
pwnable.kr wargame
'pwnable.kr' is a non-commercial wargame site which provides various 'pwn' challenges regarding system exploitation. The main purpose of pwnable.kr is 'fun'. You can consider each of the challenges as a game. The site has over 50 challenges of varying difficulties to help you learn new skills and test them out.
Video Playlist: Exploitation in the Windows Environment
A YouTube playlist of the OpenSecurityTraining.info 'Exploitation in the Windows Environment' course being delivered. This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Windows exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP make leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many of the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation-based fuzzing, and then developing exploits that target those bugs.
Video Playlist: Introduction To Software Exploits
A YouTube playlist of the OpenSecurityTraining.info 'Introduction To Software Exploits' course being delivered. Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. Specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.
Video Playlist: Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
A YouTube playlist of the OpenSecurityTraining.info 'Introductory Intel x86' course being delivered. Intel processors have been a major force in personal computing for more than 30 years. An understanding of low-level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.
Video Playlist: Offensive, Defensive, and Forensic Techniques for Determining Web User Identity
A YouTube playlist of the OpenSecurityTraining.info 'Web User Identity' course being delivered. This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user who seeks to be anonymous. Finally, we look at forensic techniques which, given a hard drive or similar media, identify users who accessed that server.