top of page
Abstract Blue Light
Certified Red Team Operator (CRTO-901)
22.png

Target Students​

Security professionals, ethical hackers, penetration testers, and cybersecurity analysts who are responsible for simulating sophisticated cyberattacks to test and improve the security posture of an organization.

Duration :  40 hours (5 days)
Learning Objectives

Master advanced red teaming techniques and tactics to simulate cyberattacks.

-Learn to bypass security controls and exploit vulnerabilities.

-Understand the full lifecycle of red team operations from planning to reporting.

-Gain experience with real-world attack scenarios and advanced persistent threat (APT) simulations.

-Develop skills to improve an organization’s resilience against sophisticated cyber threats.

Exam Codes: CRTO-901
Exam Formats
 

100 multiple-choice questions

Exam Options
 

Online

In-Person

Passing Score​: 70% 
Exam Duration: 2 hours

COURSE OUTLINE

Foundations of Red Teaming
Module 1: Introduction to Red Teaming

  • Overview of Red Team Operation

  • Definition and Role of Red Teaming in Cybersecurity

  • Differences between Red Teaming, Penetration Testing, and Blue Teaming

  • Understanding Red Teaming Methodology: Planning, Execution, Reporting

  • Building a Red Team Environment

  • Setting up a Virtual Lab Environment: Tools, Resources, and Best Practices

  • Introduction to Virtual Machines, Networking, and Simulation Platforms

  • Overview of Red Teaming Tools: Metasploit, Cobalt Strike, and Custom Scripts

Module 2: Reconnaissance and Information Gathering

  • Active Reconnaissance Techniques

  • Network Scanning: Nmap, MasscanService Enumeration: Identifying Open Ports, Services, and Operating Systems

  • Vulnerability Scanning: Nessus, OpenVAS, and Manual Techniques

  • Passive Reconnaissance Techniques

  • OSINT (Open Source Intelligence) Gathering: WHOIS, DNS Enumeration, Social Media Profiling

  • Gathering Metadata from Public Sources

  • Identifying High-Value Targets through Passive Surveillance

Initial Compromise and Exploitation
Module 3: Exploitation Techniques

  • Exploitation of Network Services

  • dentifying and Exploiting Vulnerabilities in Common Network Services: SMB, RDP, SSH

  • Crafting and Delivering Payloads using Metasploit and Custom Exploits

  • Exploitation Techniques for Privilege Escalation

  • Client-Side Exploitation

  • Social Engineering Tactics: Phishing, Spear Phishing, and Pretexting

  • Exploiting Client-Side Applications: Browsers, Email Clients, Document Readers

  • Case Study: Conducting a Phishing Campaign and Analyzing Results

Module 4: Post-Exploitation and Persistence

  •  Maintaining Access

  • Techniques for Establishing Persistence: Backdoors, Rootkits, and Web Shells

  • Exploiting Windows and Linux Systems for Long-Term Access

  • Case Study: Implementing Persistence in a Target Environment

  • Data Exfiltration

  • Techniques for Data Exfiltration: Covert Channels, Steganography, and Encryption

  • Exfiltration via Network Channels: FTP, HTTP, DNS Tunneling

  • Case Study: Simulating Data Exfiltration in a Secure Environment

Lateral Movement and Privilege Escalation
Module 5: Lateral Movement Techniques

  • Moving Within the Network

  • Techniques for Moving Laterally: Pass-the-Hash, Pass-the-Ticket, and SMB Relay

  • Exploiting Trust Relationships: Active Directory, Kerberos Attacks, and Golden Tickets

  • Case Study: Achieving Domain Admin Rights through Lateral Movement

  • Privilege Escalation

  • Escalating Privileges on Windows and Linux Systems

  • Identifying and Exploiting Misconfigurations: Sudo, SUID/SGID, and Scheduled Tasks

  • Techniques for Bypassing User Account Control (UAC) and Exploiting Service Misconfigurations

Module 6: Advanced Techniques

  • Advanced Persistent Threat (APT) Simulation

  • Understanding APT Tactics, Techniques, and Procedures (TTPs)

  • Simulating APT-Style Attacks: Multi-Stage Attacks and Long-Term Persistence

  • Case Study: Simulating an APT Attack on a Large Enterprise Network

  • Command and Control (C2)

  • Setting Up and Using C2 Infrastructure: Cobalt Strike, Empire, and Custom C2 Servers

  • Techniques for Evading Detection and Hiding C2 Traffic

  • Case Study: Implementing a C2 Framework in a Red Team Exercise

Evasion Techniques and Red Team Reporting
Module 7: Evasion Techniques

  • Antivirus and Endpoint Detection Bypass

  • Techniques for Bypassing AV and EDR Solutions: Obfuscation, Packing, and Polymorphism

  • Advanced Evasion Techniques: Living Off the Land (LotL) and Fileless Malware

  • Case Study: Evading Detection in a High-Security Environment

  • Network Traffic Evasion

  • Techniques for Evading Network Security Devices: Firewalls, IDS/IPS, and Web Proxies

  • Using Encrypted Channels and Steganography for Covert Communication

  • Case Study: Simulating Evasive Network Traffic in a Secure Environment

Module 8: Reporting and Post-Engagement Activities

  • Documenting Red Team Operations

  • Writing Effective Red Team Reports: Findings, Recommendations, and Executive Summaries

  • Case Study: Creating a Red Team Report for a Simulated Engagement

  • Presentation of Red Team Findings: Communicating with Stakeholders

  • Lessons Learned and Post-Engagement Activities

  • Conducting Post-Engagement Analysis: Lessons Learned, Root Cause Analysis, and Improvement Areas

  • Follow-Up Activities: Remediation, Verification, and Retesting

  • Case Study: Analyzing the Impact of a Red Team Exercise on Organizational Security Posture

Practical Application and Capstone Project
Module 9: Red Team Simulation

  • End-to-End Red Team Exercise

  • Participants Execute a Full Red Team Operation: Planning, Reconnaissance, Exploitation, Lateral Movement, and Reporting

  • Real-World Scenario Simulation: Targeting a Corporate Network with Simulated Security Controls

  • Peer Review and Instructor Feedback on Red Team Performance

  • Advanced Red Team Techniques

  • Exploring Cutting-Edge Red Team Techniques: Machine Learning for Attack Prediction, Automation of Red Team Operations

  • Case Study: Implementing Advanced Techniques in a Live Red Team Exercise

Module 10: Capstone Project and Exam Preparation

  • Capstone Project

  • Participants Work on a Comprehensive Capstone Project that Encapsulates All Skills Learned Throughout the Course

  • Focus on Real-World Application, Reporting, and Analysis

  • Peer Review and Presentation of Capstone Project

  • Exam Preparation and Review

  • Review of Key Concepts and Techniques Covered During the Course

  • Sample Exam Questions and Group Discussions

  • Final Q&A Session and Wrap-Up

bottom of page