Offensive Tradecraft: Red Teaming
From foundational computer user to red-team operator — methodology, phishing, C2, AD, AD CS, cloud, evasion, purple teaming.
The complete path from computer literacy to red-team operator. It spans the full enterprise attack surface — AD, Kerberos, AD CS (ESC1-ESC17), cloud, SaaS, containers, macOS and wireless — with real operator tradecraft, C2 infrastructure, evasion, purple teaming and multi-operator campaign leadership.
Authorisation, ethics, and rules of engagement.
Host/guest architecture and building a lab.
TCP/IP, routing, and DNS for operators.
Windows internals relevant to attackers.
Linux essentials from an offensive view.
Python and PowerShell for operators.
Running a lab safely and handling evidence.
What red teaming is versus pentesting.
The engagement lifecycle end to end.
Emulating a specific threat actor.
Mapping operations to ATT&CK.
Staying undetected during operations.
Planning the operation from recon.
Documenting operations to standard.
Intelligence without touching the target.
Actively mapping the target surface.
Breaching the perimeter and chaining access.
Designing and running phishing campaigns.
Establishing the first foothold.
Standing up and operating C2.
First actions after landing on a host.
How credentials and identity work.
How AD is structured.
Mapping AD attack paths.
Kerberoasting, relaying, and ticket attacks.
Harvesting credentials and secrets.
Escalating on both platforms.
Maintaining access covertly.
Moving through the network.
Simulating data theft safely.
Attacking the software delivery chain.
Targeting Linux estates and databases.
Building durable, redirected C2 infrastructure.
Operating under EDR and monitoring.
How enterprise PKI and AD CS work.
The full AD CS escalation catalogue.
Persistence via certificates and CA compromise.
Cross-domain and trust abuse.
Attacking cloud environments.
Targeting identity and SaaS.
Attacking containerised and K8s workloads.
Abusing management and orchestration planes.
Targeting hypervisors and network gear.
Operating against macOS estates.
Wireless attacks and rogue access.
Building evasive custom tooling.
Advanced access and physical entry.
Engineering custom evasive C2.
Emulating a real APT end to end.
Running team-based campaigns.
Automating emulation at scale.
Safely simulating ransomware readiness.
Building detections with the blue team.
Leading and reporting on programs.
Full capstone engagement, plan to report.
Aspiring Red-Team Operators
Learners starting from computer literacy who want a complete path into adversary simulation.
Penetration Testers
Testers moving from vulnerability-focused work into objective-driven operations.
SOC & Blue Teamers
Defenders who want to understand offensive tradecraft to build detections.
Security Leads & Consultants
Professionals preparing to lead multi-operator red-team engagements.
Zero-prerequisite to operator
Starts with computing, networking, Windows, Linux and scripting.
Full enterprise attack surface
AD, Kerberos, AD CS ESC1-ESC17, cloud, SaaS, containers, macOS and wireless.
Real operator tradecraft
C2 infrastructure, OPSEC, evasion, multi-operator workflows and handovers.
Purple-team & leadership
Detection engineering, ransomware-readiness, executive reporting and program management.
Interested in this course? Our team will reach out within 1 business day.
Enquire Now