Hackers Associate is an official platform that provides advanced cybersecurity training with complete hands-on, VAPT services to private & government organization, events & workshops. Being the only organization in India that provides 80+ Cyber Security Training Certifications, we ensure quality education with the pillars of practical instances and real-life case studies.
The "Offensive RedTeam Professional" certification program was designed by a black hat team, application developer, and exploit writer to automate the red teaming hunting process. This course covers both offensive and defensive strategy, and after finishing the course, a candidate can handle any cyber security incident.
ORTP's professional objective is to react faster, detect, analyse, and provide a complete solution to the enterprise. We focus on manual as well as automated red teaming processes. In this professional training, the instructor will demonstrate 90+ plus tools and frameworks, but as we mentioned, tools are only for visibility, and we will put more focus on scenario-by-scenario red teaming practices. And this course also focuses on writing our own tools and exploits so they can handle any incident according to enterprise complexity or any red teaming practices.
Lifetime Lab Access
16 Live Instructor Led Sessions
Course Completion Certificate
Recorded Session Access
2 ORTP Exam Attempt
Lifetime support from Instructor
ORTP also focus on Adversary Simulations & RedTeam Operation.
Reconnaissance
Covert Communication
Initial Access
Pivoting
Attack Packages
Post Exploitation
Spear Phishing
Browser Pivoting
Defense Evasion
Execution
Lateral Movement
Report & Logging
Reconnaissance
ORTP Highlighted Modules
AWS Red-Teaming Practices
Azure Red-Teaming Practices
IPv4 & IPv6 Red-Teaming Practices
Active Directory Red-Teaming Practices
Kerberos Attacks Red-Teaming Practices
Servers Exploitation [All Enterprise Servers]
Cyber Kill Chain
Exploit Writing
Docker-Container technology Red-Teaming Practices
Kubernetes Red-Teaming Practices
API Red-Teaming Practices
Privilege Escalation
Covert Communication
Post Exploitation
Pivoting & Tunneling Red-Teaming Practices
Web Application Red-Teaming Practices
Mobile Application Red-Teaming Practices
Offensive Sniffing Red-Teaming Practices
Enterprise Network Red-Teaming Practices
Firewall Red-Teaming Practices
Reverse Engineering
SSL Red-Teaming Practices
Prerequisites
[ A basic knowledge of networking and Linux fundamentals. ]
[ System with 8 GB RAM, 300 GB empty space and Administrator access. ]
Global Offensive Hacker Associate Community focuses on "Next Generation Technology" and we do more research on industry based product, current enterprise security level, application level assessment, Scada, AI & IoT Assessment and based on our team research we create a specialized programme for candidates.
ORTP Course Structure
Domain 1: Reconnaissance
Active Scanning
Passive scanning
Scanning IP Blocks
Accumulating System Information
Collecting Remote Host Information
Collecting Remote Identification Information
Collecting Victim Network Information
Obtain Victim Organization Information
Collecting Information Through Social Media
Domain 2: Offensive AWS- Red Teaming Practices
Section 1
Overview of AWS Services
Amazon Web Services Regions and Availability Zones
Identify Types of Attack used on AWS
Defining AWS Blueprints
External Infrastructure of your AWS cloud
Application(s) you host/create on your platform
Internal Infrastructure of your AWS cloud
AWS configuration review
API, i.e., Application Programming Interface
Web applications hosted by organization
Analyzing Programming languages
Virtual machines and operating systems
Analyzing the security of the AWS Cloud
Analyzing security in the AWS cloud
Explore various tools for AWS
Inspect an automated framework for assessing AWS Infrastructure
Write your own tools for AWS infrastructure assessment
Section 2
Tools to be tested for AWS Security includes
Governance
• Recognize AWS usage/implementation
• Define AWS boundaries and identify assets
• Access policies
• Identify, review, and evaluate risks
• Inventory and documentation
• Add AWS to the risk assessment
• IT security and programme administration
Network Management
Network Security Controls
Physical links
Granting and revoking access
Environment Isolation
Inventory and documentation
DDoS defence layers
Malicious code controls
Encryption Control
AWS Console access
AWS API access
IPsec Tunnels
SSL Key Management
Protect PINs at rest
Logging and Monitoring
Centralized log storage
Review policies for "adequacy"
Examine the Identity and Access Management (IAM) credential report
Aggregate from multiple sources
Intrusion detection & response
Domain 3: Offensive Azure- Red Teaming Practices
Section 1
Azure Service Overview
Amazon Web Services Regions and Availability Zones
Defining Azure Blueprints
Methods by which your Azure data can be compromised
External Infrastructure of your Azure cloud
Application(s) you host/create on your platform
Azure cloud's internal infrastructure
Azure configuration review
Application Programming Interface
Web applications hosted by your organization
Programming languages
Virtual machines and operating systems
Analyzing the security of the Azure Cloud
Evaluating security in the Azure Cloud
Explore various tools for Azure
Inspect an automated framework for assessing Azure Infrastructure
Creating a custom tool to assess Azure Infrastructure
Red-Team Best Practices
Section 2
Azure Authorization Checks
Enumeration of Azure AD
Azure Policies
Azure PowerShell
Azure Cloud-shell
Azure Internal Recon
Azure Privilege Escalation
The Golden SAML & Primary refresh token
Managing Azure Identities and Governance
Azure Storage Security etc
Azure Key Vault
Azure Security Center
Azure Sentinel
Azure Best Practices
Domain 4: IPv4 and IPv6
A Quick Overview of IPv4 and IPv6
IPv4 vs. IPv6: What's the Difference?
Exploit Chain for IPv4-based Networks Developed by Hacker Associates
Exploit Chain for IPv6-based Networks by Hacker Associates
Exploring attack techniques based on IPv4 and IPv6
How do you keep your IPv6 neighbors from discovering you?
How can you keep your IPv6 address management secure?
Attacks on IPv6 Neighbor Discovery Mitigation
IPv6 attack techniques and mitigations
THC IPv6 Attack Toolkit
Red Teaming Best Practices
Domain 5: Offensive Kerberos
Kerberos: A Quick Overview
Identifying how Kerberos works and configuring it
KDC: Key Distribution Centre
AS: Authentication Service
TGT: Ticket Granting Ticket
SPN: Service Principal Name
PAC: Privilege Attribute Certificate
Service Tickets
Attacking Kerberos, the Windows ticket-granting service
Kerbrute Enumeration: No domain access required
Pass the Ticket Attack: Access as a user to the domain required
Kerberoasting : Access as any user required
AS-REP Roasting: Access as any user required
Golden Ticket: Full domain compromise (domain admin) required
Silver Ticket: Service hash required
Skeleton Key: Full domain compromise (domain admin) required
Red-Teaming Best Practices
Domain 6: Offensive Active Directory
A brief overview of Active Directory
Domain Controller (DC)
Forests, trees, domains
Users and groups
Trusts
Policies
AD Enumeration
AD Domain Services and Authentication
AD in the Cloud (Azure AD)
Abusing Kerberos
Cross Trust Attacks
Cross Trust Attacks
Enumerating Server Managers
Enumeration with Bloodhound: a GUI interface that allows you to visually map out the network
Maintaining Access
Post Exploitation Technique
Defences and Bypass – PowerShell
Red-Teaming Best Practices
Domain 7: Offensive Docker Container
A brief overview of container technology
Introduction to Docker
Docker Container Configuration
Docker Commands
Docker Images
Docker Compose
Docker Engine
Docker Networking & Registry
Docker Misconfiguration
Hacker Associate Docker containers Exploit Chain
Docker vulnerability static analysis
Docker Exploitation
Red-Teaming Best Practices
Domain 8: Offensive Kubernetes
A Brief Introduction of Kubernetes
Monitoring and logging
Application Lifecycle Management
Kubernetes Security
Cluster Maintenance
Create and deploy a Kubernetes cluster
Networking
Storage
Red-Teaming Best Practices
Domain 9: Cobalt Strike: Adversaries Red Team Simulation: Reconnaissance
Convert Communication
Cobalt Strike Model
Setting up infrastructure and troubleshooting
Customize Beacon’s network indicators using C2
Weaponized Cobalt Strike’s Beacon Payload
Initial Access Process
Privilege Escalation
Abusing Lateral Movements
Pivoting with Cobalt Strike’s SSH sessions
Domain 10: Tunneling & Pivoting
A Quick Overview of Tunneling and Pivoting
Network Chain Exploitation
Hacker Associate Tunneling and Pivoting Exploit Chain
Proxy Pivoting
Pivoting the VPN
Use proxy chains and SSH to pivot
Using the Netcat relay to pivot
Proxy SOCKS
Additional tools and techniques
Best Practices for Red-Teaming
Domain 11: Privilege Escalation
Abuse Elevation control mechanism
Access token manipulation
Boot or Logon Auto start Execution
Boot or Logon Initialization scripts
Create or modify system processes
Escape to Host
PE (horizontal and vertical)
The Event Triggered Execution
Exploitation for Privilege Escalation
Red-Teaming Best Practices
Domain 12: Credential Access
Network sniffing using AiTM (Adversary-in-the-Middle)
Brute Force
Password Spraying attacks
Forge Web Credentials
Modify Authentication Process
OS Credential Dumping
Two Factor Authentication Interception
Forced Authentication
Kerberos ticket theft or forgery
Steal Web Session Cookie
Domain 13: Command & Control
Introduction to Command and control server
•Communication using application layer
Exploiting different Protocols SMB, SSH, or RDP
Encrypted Channels
•Multi-Stage Channels
Protocol Tunneling
Domain 14: Application Security
Top-10 OWASP Web Security Risks
Top 10 OWASP Mobile Apps
Reverse Engineering
TLS/SSL Attacks
Red-Teaming Best Practices for Web Applications
Red-Teaming Best Practices for Mobile Applications
