Red Team Mastery: Advanced Offensive Security

Configure the external network in a two-vlan VMware lab, assign static IPs for vlan one and vlan two, and verify Kali on vlan one can reach the metasploitable web server.

Set up the internal network in VMware by configuring VLAN two on the domain controller, employee machine, and application server; assign static IP and DNS, and enable remote access.

Set up Active Directory on a domain controller, promote to a new forest with a root domain, join employee machines and application server to the domain, and create domain users.

Reconnaissance gathers information about a target system, network, or organization to understand its structure and identify vulnerabilities, using publicly available data to map risks and strengthen defenses.

Distinguish passive and active recon: passive uses public data to stay undetected with no direct interaction, while active engages targets with ping and port scans for deeper insights.

Identify live hosts on a network using ARP and ICMP, then verify with ping, by scanning a /24 subnet with Net Discover.

Use nmap to scan a target for open ports and services, reveal ftp on port 21 with Vsftpd 2.3.4, and run scripts to detect the backdoor vulnerability.

Explore attacking a web server by exploiting a Vsftpd backdoor on port 21 using Metasploit, gaining a root shell and escalating to interactive command execution.

Learn how attackers exploit WebDAV on vulnerable servers to upload a reversal script. Set up a netcat listener to catch the reversal and verify access from the target Metasploitable machine.

Learn how pivoting enables ethical hackers to move from an external network to an internal one using a compromised system, routing traffic with proxy chains to access internal machines.

Learn to enumerate an internal network with Powerview in a Windows environment, listing users, groups, and computers, and identify risks from passwords stored in descriptions.