
Explore practical red team operations from basics to advanced, including the MITRE ATT&CK framework, OSINT, persistence, defense evasion, and blue team perspectives.
Learn ethical hacking responsibly within a virtual machine to understand how threat actors compromise organizations and how to improve cyber security ethically and legally.
Learn how threat actors abuse rundll32.exe to execute a malicious DLL via a specified entry point, using benign processes to evade defenses and enable system binary proxy execution.
Learn how certutil.exe, a certificate authority tool, can be abused to download payloads via its URL cache and encode parameters, enabling defense evasion and second-stage payload delivery.
Explore how conhost.exe, the console host, can bypass restrictions to execute programs like calc, illustrating its role in command shell execution and red team technique.
Discover how mshta.exe is abused to execute HTML files and embedded scripts using system binaries in Windows. Explore MITRE tactics and proxy execution for red team operations.
Explore how the Windows registry acts as a configuration database and how threat actors abuse registry keys for defense evasion and credential access, including real-time protection modifications.
Learn how Windows script files like VBS are executed and how threat actors abuse WScript with Shell.Run to launch programs, including the calculator and other executables.
Explore how threat actors abuse PowerShell.exe to deploy malware, enumerate processes, gather system details, and propagate code while evading defenses through obfuscated scripts.
Explore how WMIC.exe leverages Windows Management Instrumentation for execution and persistence, with examples like process create, WMIC command syntax, and shadow copy delete used by threat actors.
The lecture explains how threat actors use Archon X to exfiltrate data to cloud storage and how admin.exe deletes shadow copies to thwart recovery during ransomware deployment.
Explore how a process acts as a container in memory with its PID, loaded files, open sockets, handles, and threads, and learn practical insights with Process Hacker and real chrome.exe examples.
Learn step-by-step how Windows creates a process, from the create-process call to PID, parent PID, memory, loading DLLs, and starting the first thread, useful for malware analysis and process injection investigations.
Trace the process chain and threat graph to detect malware activity, from explorer.exe (parent) to cmd.exe (child) and discovery commands, including Excel macros triggering cmd.exe.
Trace the MITRE ATT&CK origin from the cyber kill chain by Lockheed Martin, expand seven stages into fourteen tactics, and explore the matrix of tactics, techniques, and threat groups.
Master OSINT techniques for red and blue team ops using VirusTotal, Shodan, AlienVault, AbuseIPDB, and Twitter to identify Cobalt Strike C2, open ports, and related threat intel.
Explore startup folder persistence by placing an executable in the startup directory for auto-launch at sign-in. The video shows locating the startup path and copying the file, noting dll dependencies.
Explore Windows Management Instrumentation (WMI) as a persistence and lateral-movement technique, covering WMI Query Language, event filters, event consumers, and binding, plus recon and defense-evasion considerations.
Demonstrates how to create Windows scheduled tasks for persistence, running a payload at logon via notepad or PowerShell, and how to inspect task XMLs and Event ID 4698 for detection.
Explore how Windows services enable threat actor persistence and privilege escalation, including creating auto-start services running as Local System and monitoring Event ID 7045 logs.
Explore how static, dynamic, and heuristic engines detect threats using the signature database, monitoring, and sandboxing. Understand unpackers and real-time EDR concepts like live response.
Explore process injection techniques used for defense evasion, including shellcode injection, DLL injection, and process hollowing, with practical demonstrations of memory allocation, remote thread creation, and reflective injection.
Discover how DLL hijacking exploits the Windows loader and its search order to load malicious libraries from the current working directory or System32, enabling defense evasion and privilege escalation.
Explore obfuscation techniques, focusing on rename obfuscation to bypass antivirus engines and defense evasion. See how renaming functions and variables, including null-byte renaming, obscures code.
Master control flow obfuscation, a complex defense evasion technique that alters hash values and inserts multiple control statements, hindering static engines and reverse engineering.
Discover how hooking changes a program's execution flow using jump statements, how antivirus and EDR hook DLLs into processes, and how unhooking removes these hooks for defense evasion.
Explore how the Windows AMSI (Antimalware Scan Interface) defends against fileless PowerShell scripts, the limitations of static signature AVs, and common bypass concepts like encoding, obfuscation, and memory injection.
Learn how to perform process injection by enumerating processes for notepad.exe, allocating memory, writing shellcode into the remote process, and creating a remote thread to execute it.
Learn how to gain initial access through process injection techniques in a practical red team lab. Explore phishing, trojan delivery, and reverse shell setup using a notepad injection scenario.
Learn how threat actors gain initial access through public-facing applications such as Fortinet and Citrix, exploiting known CVEs such as buffer overflow and remote code execution flaws to enable ransomware deployment.
Explore how remote desktop protocol brute forcing enables initial access, using public facing RDP services and Hydra with wordlists like rockyou.txt to uncover weak credentials.
Learn how threat actors use supply chain attacks to gain initial access by compromising software downloads or update databases, targeting suppliers and developers.
Explore defense evasion techniques to disable Windows Defender, including service manipulation, registry adjustments, real-time monitoring bypass, and batch-file delivery via certutil.
Explains how exclusions in Windows Defender can be abused by threat actors to bypass malware scans, detailing commonly excluded folders and the use of PowerShell and WMI to configure exclusions.
Demonstrates using an anti-rootkit tool to disable Windows Defender and antivirus services, and to stop or remove services with the SVC option, for threat analysts' investigations.
Explore payload delivery using bitsadmin.exe to transfer a Cobalt Strike beacon to a remote Windows host, placing the payload in the server and perf log folders and noting antivirus exclusions.
Demonstrate a timestomping attack to remove indicators by modifying a file's creation time, bypassing antivirus and evading forensic detection.
Execute a Cobalt Strike payload via a command line interpreter to establish a reverse beacon, then list processes and explore post-exploitation commands such as Mimikatz and privilege escalation.
Welcome to "Red Team Operations - Initial Access to Ransomware Deployment". In this course, you will start as a beginner with no previous knowledge, and by the end of the course you will have progressed from beginner to advanced level in Red Teaming activities. This course is full of practical sessions and you will see all the attacks in real time.
We have started our course with a basic section on LOLBAS and how threat actors use LOLBAS in their attacks. This course is highly practical.
The course is divided into a number of sections, and each section covers Red and Blue team skills. By the end of the course, you will have a strong foundation in Red and Blue teaming activities: how threat actors compromise an environment, real-time attacks, and how threat actors deploy ransomware in organizations.
The course is divided into 18 sections:
LOLBin for Red Teamers and Threat Hunters
Working with Windows Processes
MITRE ATT&CK framework discussion
Open source intelligence (OSINT) for Red and Blue Teamers
Persistence techniques for Red and Blue Teamers
Investigating defensive mechanisms and methods to evade antivirus and EDR
Red + Blue Team Operation - Initial Access Phase
Red + Blue Team Operation - Defense Evasion Phase
Red + Blue Team Operation - Post Exploitation Phase
Red + Blue Team Operation - Persistence phase
Red + Blue Team Operation - Privilege Escalation
Red + Blue Team Operation - Credential Access
Red + Blue Team Operation - Lateral Movement
Red + Blue Team Operation - Exfiltration
Red + Blue Team Operation - Impact
Blue Team Operations - Investigation
History of Ransomware
At the end of each section, you will learn how to detect, prevent, and secure systems and yourself from the discussed attacks.
With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 8 hours.
Notes:
This course is created for educational purposes only; all the attacks are launched in my own lab.