Red Team Operations

Adversary emulation, end-to-end.

A five-day, lab-heavy track on running adversary emulation engagements - initial access, C2, lateral movement, privilege escalation and exfiltration - with OPSEC and evasion baked into every step.

  • Duration: 5 days
  • Cohort size: ≤ 12
  • Level: Advanced
  • Certificate: Verifiable

What you'll walk away with

  • Plan, scope and run an end-to-end red-team engagement
  • Build resilient C2 infrastructure with modern frameworks
  • Execute Active Directory attack paths confidently
  • Apply evasion + OPSEC against EDR and SIEM controls
  • Write red-team reports that earn blue-team respect
  • Map every action to MITRE ATT&CK techniques

Who this is for

Designed for learners who meet the prerequisites below, but motivated learners outside the profile are welcome with a short pre-call.

  • Comfortable with networking + Linux/Windows internals
  • Some pentest / CTF / offensive-security exposure
  • Scripting in Python or PowerShell
  • OSCP-level foundation recommended (not required)

Curriculum

Day-by-day breakdown

Day 1

Foundations & infrastructure

  • Red-team vs pentest mindset
  • Scoping + rules of engagement
  • C2 framework setup (Sliver / Mythic)
  • Redirector + domain fronting basics

Day 2

Initial access

  • Phishing payloads & delivery
  • Office macro / LNK / HTA modern variants
  • Living-off-the-land binaries
  • Initial-access OPSEC checklist

Day 3

Active Directory attack paths

  • Recon with BloodHound + SharpHound
  • Kerberoasting + AS-REP-roasting
  • ACL abuse & DCSync
  • Hopping with PsExec / WMI / WinRM

Day 4

Persistence + evasion

  • Persistence techniques across hosts
  • AMSI / ETW bypass primers
  • Process injection patterns
  • Defender + EDR evasion practice

Day 5

Engagement wrap-up

  • Exfiltration channels & detection avoidance
  • Capture-the-flag final exercise
  • Writing a red-team report
  • Purple-team debrief with the defenders

Hands-on labs

Realistic, isolated environments - you break things safely and rebuild them harder.

  • Isolated AD forest with 3 child domains
  • Realistic SOC stack (Wazuh + ELK + Sigma) watching back
  • EDR-style telemetry to evade (open-source equivalents)
  • Phishing campaign infrastructure sandbox
  • Final-day capture-the-flag engagement

Tools you'll use

No proprietary kit - everything is industry-standard.

  • Sliver
  • Mythic
  • Cobalt Strike (concepts)
  • BloodHound
  • Impacket
  • Rubeus
  • Mimikatz
  • Nmap
  • CrackMapExec

Your instructor

Senior Red Team Lead

Hands-on red teamer with engagements across SaaS, fintech and healthcare. Maintains research time outside of teaching - what you learn in class is what they shipped last quarter, not what they read in a book.

  • Practitioner first
  • Lab-driven
  • Office hours after class

Reserve your seat

Cohorts are small on purpose. Email us to confirm dates, request a corporate cohort, or ask anything about the curriculum.

Next cohort: On request - quarterly cohorts