To defeat the enemy, you must know their tactics. The "Red Team" simulates real-world attacks to identify vulnerabilities before malicious actors do.
Syllabus
Week 1: Ethics & Law
Staying out of jail and maintaining professional standards.
- Topics: Rules of Engagement (RoE), Scope, CFAA, written authorization.
Week 2: Reconnaissance (OSINT)
Gathering information without touching the target.
- Topics: Google Dorking, Shodan, WHOIS, Social Media scraping, Harvester.
Week 3: Scanning & Enumeration
Mapping the attack surface.
- Topics: Nmap scripting engine (NSE), Service version detection, SMB enumeration.
- Lab: Map a network of 3 targets.
Week 4: Vulnerability Assessment
Identifying known weaknesses.
- Topics: CVEs, CVSS scoring, Nessus/OpenVAS scanning.
Week 5: Exploitation Basics
Gaining access.
- Topics: Metasploit Framework, Reverse Shells vs. Bind Shells, Buffer Overflow theory.
- Lab: Exploit a vulnerable service on Metasploitable.
Week 6: Web Application Security
Attacking the front door.
- Topics: OWASP Top 10, SQL Injection, XSS, Burp Suite.
Week 7: Post-Exploitation
What happens after you get in.
- Topics: Privilege Escalation (Linux/Windows), Persistence, Looting, Pivoting.
Week 8: Reporting
The most important part of the job.
- Topics: Writing an executive summary, technical findings, and remediation steps.
- Assessment: Submit a comprehensive penetration test report.