Red Team Techniques

Learn all about Red Team Techniques with great learning resources from videos to articles to complete training courses.

Red Team Techniques

Provided by SpecterOps

Adversary Tactics: PowerShell

Course material for Specter Ops' "Adversary Tactics: PowerShell" course (which is no longer running). The course covers PowerShell Basics, PowerShell Remoting, PowerShell Without PowerShell, WMI, Active Directory, Reflection, Low-level Win32 Interop, PowerShell Prevention (Implementation, Auditing, and Bypasses), PowerShell Detection (Implementation, Auditing, and Bypasses).

Red Team Techniques

Provided by OpenSecurityTraining.info

Exploits 2: Exploitation in the Windows Environment

This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often times allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Window's exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP, makes leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation based fuzzing, and then developing exploits that target those bugs.

Red Team Techniques

Provided by OpenSecurityTraining.info

Hacking Techniques and Intrusion Detection

This course covers the most common methods used in computer and network hacking with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network and application level attacks, and denial of service attacks. During the course students will complete many hands on exercises.

Secure Software DevelopmentRed Team Techniques

Provided by OpenSecurityTraining.info

Introduction To Software Exploits

Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.

Red Team Techniques

Provided by OpenSecurityTraining.info

Introduction To Vulnerability Assessment

This is a lecture and lab based class giving an introduction to vulnerability assessment of some common common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.

Reverse EngineeringRed Team TechniquesComputer Science

Provided by OpenSecurityTraining.info

Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration

Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.

Red Team Techniques

Provided by NCC Group and Square

Microcorruption - Embedded Security CTF

You've been given access to a device that controls a lock. Your job: defeat the lock by exploiting bugs in the device's code. You're playing "Capture The Flag". You collect points for each level you beat, working your way through steadily more complicated vulnerabilities. Most levels showcase a single kind of real-world software flaw; some levels chain a series of them together. This device has a simple input: you provide a passcode, and if the passcode is correct, the lock unlocks. Just one problem: you don't know the passcode. Unlock it anyways. You'll use the debugger to reverse-engineer the code for each level. You can provide the device with input, then step through the code watching what the device does what that input. You're looking for a specific input that unlocks the device. Maybe that input is the correct pas

Red Team TechniquesNetwork DefenseWeb Application Security

Provided by OpenSecurityTraining.info

Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user whom seeks to be anonymous. Finally, we look at forensic techniques, which, when given a hard drive or similar media, we identify users who accessed that server.

Red Team Techniques

Provided by SSLab at Georgia Tech

pwnable.kr wargame

'pwnable.kr' is a non-commercial wargame site which provides various 'pwn' challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'. You can consider each of the challenges as a game. The site has over 50 challenges of varying difficulties to help you learn new skills and test them out.

Red Team Techniques

Provided by OpenSecurityTraining.info

Video Playlist: Exploitation in the Windows Environment

A Youtube playlist of the OpenSecurityTraining.info 'Exploitation in the Windows Environment' course being delivered. This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often times allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Window's exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP, makes leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation based fuzzing, and then developing exploits that target those bugs.

Secure Software DevelopmentRed Team Techniques

Provided by OpenSecurityTraining.info

Video Playlist: Introduction To Software Exploits

A Youtube playlist of the OpenSecurityTraining.info 'Introduction To Software Exploits' course being delivered. Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.

Reverse EngineeringRed Team TechniquesComputer Science

Provided by OpenSecurityTraining.info

Video Playlist: Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration

A Youtube playlist of the OpenSecurityTraining.info 'Introductory Intel x86' course being delivered. Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.

Red Team TechniquesWeb Application SecurityNetwork Defense

Provided by OpenSecurityTraining.info

Video Playlist: Offensive, Defensive, and Forensic Techniques for Determining Web User Identity

A Youtube playlist of the OpenSecurityTraining.info 'Web User Identity' course being delivered. This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user whom seeks to be anonymous. Finally, we look at forensic techniques, which, when given a hard drive or similar media, we identify users who accessed that server.

Red Team Techniques

Provided by OverTheWire

Wargame: Behemoth

This wargame deals with a lot of regular vulnerabilities found commonly 'out in the wild'. While the game makes no attempts at emulating a real environment it will teach you how to exploit several of the most common coding mistakes including buffer overflows, race conditions and privilege escalation.

Red Team Techniques

Provided by OverTheWire

Wargame: Manpage (OverTheWire)

This game is about breaking some common linux c-programming misconceptions. A good tactic when beginning to audit code for the first time is to read the manpages for pitfalls and unusual behavior. Many of these levels were inspired by the famous work of Ilja.

Red Team Techniques

Provided by OverTheWire

Wargame: Maze (OverTheWire)

A series of hands of challenges to learn more about exploitation of common security vulnerabilities. From the author: you'll need knowledge of exploitation-techniques, programming (of course) and reverse- engineering. We've tried to make the levels tricky and some of them strange, so get ready to use gdb.

Red Team Techniques

Provided by OverTheWire

Wargame: Narnia

This wargame is for the ones that want to learn basic exploitation. You can see the most common bugs in this game and we've tried to make them easy to exploit. You'll get the source code of each level to make it easier for you to spot the vuln and abuse it. The difficulty of the game is somewhere between Leviathan and Behemoth, but some of the levels could be quite tricky.

Red Team Techniques

Provided by OverTheWire

Wargame: Utumno

A series of hands of challenges to learn more about exploitation of common security vulnerabilities. This is a regular wargame composed of 10 different levels. It's slightly harder than the previous wargames in the same genre. Actually, it's a lot harder than Leviathan and a bit harder than Behemoth so if you haven't beaten those two you will probably want to do that first.

Red Team Techniques

Provided by OverTheWire

Wargame: Vortex (OverTheWire)

A series of hands of challenges to learn more about exploitation of common security vulnerabilities. This wargame from OverTheWire has 27 levels which cover topics such as: bit manipulation, writing shell code, crypt analysis and much much more!