
Set up your penetration testing environment with Kali Linux, choosing installer images or virtual machines, using VirtualBox or VMware, then explore TryHackMe rooms for hands-on security learning.
Apply information security principles to protect data, systems, and networks using the CIA triad. Explore hacker types from black hat to white hat, gray hat, script kids, hacktivists, and insiders.
Explore the OSI model, a seven-layer framework guiding data transfer between devices, with encapsulation moving information through each layer from physical to application.
Learn practical web application attack techniques in challenges 4 and 5, including intercepting requests, handling credentials, cookies, and session hijacking to assess security in a red team context.
Explore web application basics and web hacking fundamentals, including browsers, URLs, http request-response, and the role of a browser in testing a web application.
Examine http messages and client–server interactions, covering requests and responses, headers, start lines, host domain, and body data, with http/https contexts and phishing awareness.
Analyze http request anatomy by examining headers like host, user agent, referrer, cookies, and content types, and practice posting url-encoded data or json, xml, and html formats in penetration testing.
Learn to implement security headers for a website, including content security policy and http strict transport security, and configure default-src and script-src rules across domains and subdomains.
Explore the structure of the web, the URL, and the http protocol (http/1.1), and learn how a response header tells the browser how much data to expect.
Explore common HTTP status codes and their meanings in client-server interactions, including server errors and service unavailable responses, to diagnose issues across server, database, and application layers.
Learn how HTTP requests work, including the start line, methods like GET and POST, URL paths, and versioning from HTTP 1.1 to HTTP 3, with security implications for penetration testing.
Learn how HTTP requests are constructed, including request headers, host, user agent, cookies, and content types, and how URL encoded bodies, JSON, and XML formats are used in forms.
Learn HTML basics: structure a website with doctype, HTML element, headings, paragraph, links, and image elements with src attributes; fix broken images and explore hidden text.
Explore how JavaScript integrates with HTML and CSS, manipulates page elements via script tags, getElementById and innerHTML, and handles onClick events to update content.
Explore practical SQL injection techniques that enable authentication bypass, showing how username and password inputs can bypass login checks and potentially grant admin access.
Practice with SQL injection on an Oracle database to determine its type and version, using union queries and banner information for enumeration and reconnaissance.
دبلومة Red Teaming مصممة لإعداد محترفين قادرين على محاكاة الهجمات المتقدمة واختبار مرونة أنظمة الشركات ضد التهديدات الواقعية.
البرنامج بيجمع بين الجانب النظري والعملي من خلال مختبرات عملية (Hands-on Labs) وتمارين تحاكي بيئة المؤسسات الحقيقية.
أهداف الدبلومة:
إكساب المتدرب القدرة على التفكير والهجوم بنفس أسلوب القراصنة (Adversary Simulation).
التدريب على تقنيات Offensive Security بداية من الاستطلاع وحتى تحقيق السيطرة الكاملة.
التعرف على طرق تجنب واختراق أنظمة الحماية (EDR, SIEM, IDS/IPS).
إعداد تقارير احترافية للـ Red Team Exercises تساعد الإدارة الأمنية على سد الثغرات.
الشهادات المرتبطة بالمسار:
الدبلومة تهيئك للحصول على أهم شهادات الـ Red Team العالمية:
CRTO (Certified Red Team Operator)
CRTP (Certified Red Team Professional)
CRTE (Certified Red Team Expert)
OSCP (Offensive Security Certified Professional)
OSEP (Offensive Security Experienced Penetration Tester)
OSWE (Offensive Security Web Expert)
CRTL (Certified Red Team Lead)
محتويات الدبلومة:
مقدمة في Red Teaming
الفرق بين الـ Penetration Testing والـ Red Team Assessment.
مراحل الهجوم (Kill Chain & MITRE ATT&CK Framework).
Reconnaissance & OSINT
جمع المعلومات المفتوحة.
تقنيات الهندسة الاجتماعية (Social Engineering).
Exploitation & Initial Access
استغلال الثغرات الشائعة.
هجمات الـ Phishing وطرق تجاوز الحماية.
Privilege Escalation & Lateral Movement
التصعيد على أنظمة Windows & Linux.
التحرك الجانبي داخل الشبكات (Kerberos Attacks, Pass-the-Hash, Pass-the-Ticket).
Persistence & Defense Evasion
إنشاء Backdoors & C2.
التهرب من أدوات المراقبة الأمنية.
Red Team Reporting & Threat Intelligence
كتابة تقارير مهنية للإدارة العليا والفريق الأمني.
ربط النتائج مع استخبارات التهديدات.