Take Your Expertise To Next Level in

Red Team Activity

With Offensive Red Team Professional

The "Offensive Red Team Professional" certification program was designed by a black hat experience team, application developer, and exploit writer to automate the red teaming hunting process. This course covers both offensive and defensive strategies, and after finishing the course, a candidate can handle any cyber security incident.
Yes! any cyber security incident.

Why?

Red Team professional course objective is to react faster, detect, analyze, and provide a complete solution to the enterprise. We focus on manual as well as automated red teaming processes. In this professional training, the instructor will demonstrate 90+ plus tools and frameworks, but as we mentioned, tools are only for visibility, and we will put more focus on scenario-by-scenario red teaming practices. And this course also focuses on writing our own tools and exploits so they can handle any incident according to enterprise complexity or any red teaming practices.

The course also focuses on Adversary Simulations & RedTeam Operation.

Reconnaissance

Covert Communication

Initial Access

Pivoting

Attack Packages

Post Exploitation

Spear Phishing

Browser Pivoting

Defense Evasion

Execution

Lateral Movement

Report & Logging

Highlighted Modules

Why hackerSlash?

Global Offensive hackerSlash Community focuses on "Next Generation Technology" and we do more research on the industry-based products, current enterprise security levels, application-level assessments, Scada, AI & IoT Assessment and based on our team research we create a specialized program for candidates.

Course Structure

Active Scanning
 
Passive scanning
 
Scanning IP Blocks
 
Accumulating System Information
 
Collecting Remote Host Information
 
Collecting Remote Identification Information
 
Collecting Victim Network Information
 
Obtain Victim Organization Information
 
Collecting Information Through Social Media

Section 1

Overview of AWS Services
 
Amazon Web Services Regions and Availability Zones
 
Identify Types of Attack used on AWS
 
Defining AWS Blueprints
 
External Infrastructure of your AWS cloud
 
Application(s) you host/create on your platform
 
Internal Infrastructure of your AWS cloud
 
AWS configuration review
 
API, i.e., Application Programming Interface
 
Web applications hosted by organization
 
Analyzing Programming languages
 
Virtual machines and operating systems
 
Analyzing the security of the AWS Cloud
 
Analyzing security in the AWS cloud
 
Explore various tools for AWS
 
Inspect an automated framework for assessing AWS Infrastructure
 
Write your own tools for AWS infrastructure assessment
 

Section 2

 
Tools to be tested for AWS Security includes
 

Governance

 
• Recognize AWS usage/implementation
 
• Define AWS boundaries and identify assets
 
• Access policies
 
• Identify, review, and evaluate risks
 
• Inventory and documentation
 
• Add AWS to the risk assessment
 
• IT security and programme administration
 

Network Management

 
Network Security Controls
 
Physical links
 
Granting and revoking access
 
Environment Isolation
 
Inventory and documentation
 
DDoS defence layers
 
Malicious code controls
 

Encryption Control

 
AWS Console access
 
AWS API access
 
IPsec Tunnels
 
SSL Key Management
 
Protect PINs at rest
 

Logging and Monitoring

 
Centralized log storage
 
Review policies for “adequacy”
 
Examine the Identity and Access Management (IAM) credential report
 
Aggregate from multiple sources
 
Intrusion detection & response

Section 1

 
Azure Service Overview
 
Amazon Web Services Regions and Availability Zones
 
Defining Azure Blueprints
 
Methods by which your Azure data can be compromised
 
External Infrastructure of your Azure cloud
 
Application(s) you host/create on your platform
 
Azure cloud’s internal infrastructure
 
Azure configuration review
 
Application Programming Interface
 
Web applications hosted by your organization
 
Programming languages
 
Virtual machines and operating systems
 
Analyzing the security of the Azure Cloud
 
Evaluating security in the Azure Cloud
 
Explore various tools for Azure
 
Inspect an automated framework for assessing Azure Infrastructure
 
Creating a custom tool to assess Azure Infrastructure
 
Red-Team Best Practices
 

Section 2

 
Azure Authorization Checks
 
Enumeration of Azure AD
 
Azure Policies
 
Azure PowerShell
 
Azure Cloud-shell
 
Azure Internal Recon
 
Azure Privilege Escalation
 
The Golden SAML & Primary refresh token
 
Managing Azure Identities and Governance
 
Azure Storage Security etc
 
Azure Key Vault
 
Azure Security Center
 
Azure Sentinel
 
Azure Best Practices
A Quick Overview of IPv4 and IPv6
 
IPv4 vs. IPv6: What’s the Difference?
 
Exploit Chain for IPv4-based Networks Developed by hackerSlash
 
Exploit Chain for IPv6-based Networks by hackerSlash
 
Exploring attack techniques based on IPv4 and IPv6
 
How do you keep your IPv6 neighbors from discovering you?
 
How can you keep your IPv6 address management secure?
 
Attacks on IPv6 Neighbor Discovery Mitigation
 
IPv6 attack techniques and mitigations
 
THC IPv6 Attack Toolkit
 
Red Teaming Best Practices
Kerberos: A Quick Overview
 
Identifying how Kerberos works and configuring it
 
KDC: Key Distribution Centre
 
AS: Authentication Service
 
TGT: Ticket Granting Ticket
 
SPN: Service Principal Name
 
PAC: Privilege Attribute Certificate
 
Service Tickets
 
Attacking Kerberos, the Windows ticket-granting service
 
Kerbrute Enumeration: No domain access required
 
Pass the Ticket Attack: Access as a user to the domain required
 
Kerberoasting : Access as any user required
 
AS-REP Roasting: Access as any user required
 
Golden Ticket: Full domain compromise (domain admin) required
 
Silver Ticket: Service hash required
 
Skeleton Key: Full domain compromise (domain admin) required
 
Red-Teaming Best Practices
A brief overview of Active Directory
 
Domain Controller (DC)
 
Forests, trees, domains
 
Users and groups
 
Trusts
 
Policies
 
AD Enumeration
 
AD Domain Services and Authentication
 
AD in the Cloud (Azure AD)
 
Abusing Kerberos
 
Cross Trust Attacks
 
Cross Trust Attacks
 
Enumerating Server Managers
 
Enumeration with Bloodhound: a GUI interface that allows you to visually map out the network
 
Maintaining Access
 
Post Exploitation Technique
 
Defences and Bypass – PowerShell
 
Red-Teaming Best Practices
A brief overview of container technology
 
Introduction to Docker
 
Docker Container Configuration
 
Docker Commands
 
Docker Images
 
Docker Compose
 
Docker Engine
 
Docker Networking & Registry
 
Docker Misconfiguration
 
hackerSlash Docker containers Exploit Chain
 
Docker vulnerability static analysis
 
Docker Exploitation
 
Red-Teaming Best Practices
A Brief Introduction of Kubernetes
 
Monitoring and logging
 
Application Lifecycle Management
 
Kubernetes Security
 
Cluster Maintenance
 
Create and deploy a Kubernetes cluster
 
Networking
 
Storage
 
Red-Teaming Best Practices
Convert Communication
 
Cobalt Strike Model
 
Setting up infrastructure and troubleshooting
 
Customize Beacon’s network indicators using C2
 
Weaponized Cobalt Strike’s Beacon Payload
 
Initial Access Process
 
Privilege Escalation
 
Abusing Lateral Movements
 
Pivoting with Cobalt Strike’s SSH sessions
A Quick Overview of Tunneling and Pivoting
 
Network Chain Exploitation
 
hackerSlash Tunneling and Pivoting Exploit Chain
 
Proxy Pivoting
 
Pivoting the VPN
 
Use proxy chains and SSH to pivot
 
Using the Netcat relay to pivot
 
Proxy SOCKS
 
Additional tools and techniques
 
Best Practices for Red-Teaming
Abuse Elevation control mechanism
 
Access token manipulation
 
Boot or Logon Auto start Execution
 
Boot or Logon Initialization scripts
 
Create or modify system processes
 
Escape to Host
 
PE (horizontal and vertical)
 
The Event Triggered Execution
 
Exploitation for Privilege Escalation
 
Red-Teaming Best Practices
Network sniffing using AiTM (Adversary-in-the-Middle)
 
Brute Force
 
Password Spraying attacks
 
Forge Web Credentials
 
Modify Authentication Process
 
OS Credential Dumping
 
Two Factor Authentication Interception
 
Forced Authentication
 
Kerberos ticket theft or forgery
 
Steal Web Session Cookie
Introduction to Command and control server
 
•Communication using application layer
 
Exploiting different Protocols SMB, SSH, or RDP
 
Encrypted Channels
 
•Multi-Stage Channels
 
Protocol Tunneling
Top-10 OWASP Web Security Risks
 
Top 10 OWASP Mobile Apps
 
Reverse Engineering
 
TLS/SSL Attacks
 
Red-Teaming Best Practices for Web Applications
 
Red-Teaming Best Practices for Mobile Applications
Automated Exfiltration
 
Exfiltration Over Alternative Protocol
 
Exfiltration Over the C2 Channel
 
Exfiltration Over Other Network Mediums
 
Exfiltration Over Other Physical Medium
 
Exfiltration Over Web Services
 
Transfer Data to the Cloud Account

Pricing

All prices are in BDT and USD.
Training + Course material + Exam certification
| 30,000 Taka for Bangladeshi Students
| $500 USD for International Students
Fees also include unbounded revision, lifelong lab access, and live instructor-led support.

Are You Ready?