Red Team

Offensive Tradecraft: Red Teaming

From foundational computer user to red-team operator — methodology, phishing, C2, AD, AD CS, cloud, evasion, purple teaming.

Expert 220 Hours55 Modules6 LevelsCertificate
Overview

The complete path from computer literacy to red-team operator. It spans the full enterprise attack surface — AD, Kerberos, AD CS (ESC1-ESC17), cloud, SaaS, containers, macOS and wireless — with real operator tradecraft, C2 infrastructure, evasion, purple teaming and multi-operator campaign leadership.

220Hours
55Modules
6Levels
CertOn Compl.
Curriculum
55 Modules · 6 Levels · 220 Hours
Foundations

Authorisation, ethics, and rules of engagement.

5 Topics1 Lab

Host/guest architecture and building a lab.

5 Topics1 Lab

TCP/IP, routing, and DNS for operators.

6 Topics1 Lab

Windows internals relevant to attackers.

5 Topics1 Lab

Linux essentials from an offensive view.

5 Topics1 Lab

Python and PowerShell for operators.

5 Topics1 Lab

Running a lab safely and handling evidence.

4 Topics1 Lab
Basics

What red teaming is versus pentesting.

5 Topics1 Lab

The engagement lifecycle end to end.

5 Topics1 Lab

Emulating a specific threat actor.

5 Topics1 Lab

Mapping operations to ATT&CK.

5 Topics1 Lab

Staying undetected during operations.

5 Topics1 Lab

Planning the operation from recon.

5 Topics1 Lab

Documenting operations to standard.

4 Topics1 Lab
Beginner

Intelligence without touching the target.

5 Topics2 Labs

Actively mapping the target surface.

5 Topics1 Lab

Breaching the perimeter and chaining access.

5 Topics2 Labs

Designing and running phishing campaigns.

6 Topics2 Labs

Establishing the first foothold.

5 Topics1 Lab

Standing up and operating C2.

6 Topics2 Labs

First actions after landing on a host.

5 Topics1 Lab

How credentials and identity work.

5 Topics1 Lab
Intermediate

How AD is structured.

5 Topics1 Lab

Mapping AD attack paths.

6 Topics2 Labs

Kerberoasting, relaying, and ticket attacks.

6 Topics2 Labs

Harvesting credentials and secrets.

5 Topics2 Labs

Escalating on both platforms.

6 Topics2 Labs

Maintaining access covertly.

5 Topics1 Lab

Moving through the network.

6 Topics2 Labs

Simulating data theft safely.

5 Topics1 Lab

Attacking the software delivery chain.

5 Topics1 Lab

Targeting Linux estates and databases.

5 Topics1 Lab
Advanced

Building durable, redirected C2 infrastructure.

5 Topics1 Lab

Operating under EDR and monitoring.

6 Topics2 Labs

How enterprise PKI and AD CS work.

5 Topics1 Lab

The full AD CS escalation catalogue.

6 Topics2 Labs

Persistence via certificates and CA compromise.

5 Topics1 Lab

Cross-domain and trust abuse.

6 Topics2 Labs

Attacking cloud environments.

6 Topics2 Labs

Targeting identity and SaaS.

6 Topics1 Lab

Attacking containerised and K8s workloads.

5 Topics1 Lab

Abusing management and orchestration planes.

5 Topics1 Lab

Targeting hypervisors and network gear.

5 Topics1 Lab

Operating against macOS estates.

5 Topics1 Lab

Wireless attacks and rogue access.

5 Topics1 Lab

Building evasive custom tooling.

5 Topics2 Labs
Expert

Advanced access and physical entry.

6 Topics2 Labs

Engineering custom evasive C2.

6 Topics2 Labs

Emulating a real APT end to end.

5 Topics1 Lab

Running team-based campaigns.

5 Topics1 Lab

Automating emulation at scale.

5 Topics1 Lab

Safely simulating ransomware readiness.

5 Topics1 Lab

Building detections with the blue team.

6 Topics2 Labs

Leading and reporting on programs.

5 Topics1 Lab

Full capstone engagement, plan to report.

6 Topics2 Labs
Who It's For

Aspiring Red-Team Operators

Learners starting from computer literacy who want a complete path into adversary simulation.

Penetration Testers

Testers moving from vulnerability-focused work into objective-driven operations.

SOC & Blue Teamers

Defenders who want to understand offensive tradecraft to build detections.

Security Leads & Consultants

Professionals preparing to lead multi-operator red-team engagements.

Outcomes & Takeaways
Plan and govern authorized red-team engagements end to end
Run full phishing campaigns and initial-access operations
Operate C2 infrastructure with multi-operator workflows
Execute Active Directory, Kerberos, NTLM and AD CS attack paths
Attack cloud, SaaS, identity providers, containers and management planes
Apply detection-aware evasion and custom offensive tooling
Run purple-team exercises and ransomware simulations
Lead campaigns and deliver technical and executive reporting
Course Benefits

Zero-prerequisite to operator

Starts with computing, networking, Windows, Linux and scripting.

Full enterprise attack surface

AD, Kerberos, AD CS ESC1-ESC17, cloud, SaaS, containers, macOS and wireless.

Real operator tradecraft

C2 infrastructure, OPSEC, evasion, multi-operator workflows and handovers.

Purple-team & leadership

Detection engineering, ransomware-readiness, executive reporting and program management.

Interested in this course? Our team will reach out within 1 business day.

Enquire Now