Red Team Ops is an online course that teaches the basic principals, tools and techniques, that are synonymous with red teaming.
Students will first cover the core concepts of adversary simulation, command & control, and how to plan an engagement. They will then learn about each stage of the attack lifecycle from initial compromise, to full domain takeover, data hunting, and data exfiltration. Students will also take various OPSEC concerns into account and learn how to bypass defences such as Windows Defender, AMSI and AppLocker. Finally, they will cover reporting and post-engagement activities.
Source: Red Team Operator Course
| ⚠️ WARNING |
|---|
| This blog post should summarize my experience with the course and exam. All content is displayed in my own opinion and can vary from person to person. |
Course
The course as of today includes the following topics:
- Course introduction
- Command & Control
- External Reconnaissance
- Initial Compromise
- Host Reconnaissance
- Host Persistence
- Host Privilege Escalation
- Domain Reconnaissance
- Lateral Movement
- Credentials & User Impersonation
- Password Cracking Hints & Tips
- Session Passing
- Pivoting
- Data Protection API
- Kerberos
- Active Directory Certificate Services
- Group Policy
- Discretionary Access Control Lists
- MS SQL Servers
- Domain Dominance
- Forest & Domain Trusts
- Local Administrator Password Solution
- Bypassing Defences
- Data Hunting & Exfiltration
- Post-Engagement & Reporting
- Extending Cobalt Strike
Personally I knew a bit more about active directory before I started the course but really enjoyed learning a bit more under the hood and LOVED the opsec considerations and to hunt for artifacts in the Splunk (now Kibana) instance. The content is provided on the Thinkific platform which allows to track your progress and access even after the exam to the up to date content is provided.
Lab
The lab is provided as a virtual environment through the provider SnapLabs.
It can be started and stopped in a matter of minutes to use the lab hours efficiently.
The access to the lab is provided via a web browser and the use of Apache Guacamole as the remote desktop solution.
Sometimes copy paste was a hit or miss for me and the performance was good as long as the internet connection is stable.
Exam
The exam has a lab time of 48 hours which can be used throughout 4 days in total.
To pass the exam, 6 out of 8 flags have to be collected.
There is no report needed and I really enjoyed the chain in the exam and would have loved to continue in another environment.
In my case I was able to collect all 8 flags within 13 hours.
As soon as the 4 day time frame is over, the flags are automatically checked and if correct generate and send you your badge.
Pricing
| £365.00 | Course Only |
| £399.00 | Course + 40 hour lab bundle |
RastaMouse did an amazing job to make the course even more accessible to someone investing private money by recently adding payment options that include splitting the payment into 4 separate payments.
| 4 x £91.25 | Course Only |
| 4 x £99.75 | Course + 40 hour lab bundle |
Final verdict
If you are willing to learn and grow in the area of red teaming, I highly recommend this course and certification.
I had prior infrastructure assessment and active directory experience which made the course a bit easier.
But as the course page states:
The most successful students are not those with the greater technical knowledge - but those with a passion for learning new skills, solving problems, have great resilience and fortitude!