Red Team Roadmap[2024]

step 0
1. Network+ (Learn basic concepts about networks, including TCP/IP and OSI models.)Basic cybersecurity concepts such as the CIA Triad (Confidentiality, Integrity, Availability), and principles like least privilege and defense in depth.
2. Topics: Basic network concepts, TCP/IP, OSI model
3. Tools: Wireshark, Nmap
4. References: "Network+ Guide to Networks" by Jill West and Tamara Dean
5. CompTIA Network+ / N10-008
6. CompTIA Security+ /
step 1
1. LPIC 1 (Learn how to operate the Linux OS, aiming to work with distributions like Kali Linux.)
2. Topics: Linux command line, file systems, shell scripting
3. Tools: Kali Linux, Bash scripting
4. LPIC-1/CompTIA Linux+ Certification
5. Linux Professional Institute LPIC-1
step 2
1. LPIC 2 (Learn how Linux services work and running services, with the goal of operating red team infrastructure proficiently and managing Linux services for red team exercises.)
2. Topics: Linux services, system administration
3. Tools: Systemd, Apache, SSH
4. Linux Professional Institute Certification LPIC-2
5. Linux Professional Institute LPIC-2
step 3
1. MCSA/MCSE (Focus more on Active Directory, Kerberos, LDAP, group policy, and other Windows services like IIS, DNS, DHCP, file server, etc. Understand service operations and alterations for red team exercises.)
2. Topics: Active Directory, Group Policy, Windows Server management
3. Tools: Active Directory Users and Computers, PowerShell
4. MCSA, MCSD, MCSE certifications
step 4
1. CCNA (Learn concepts like NAT, firewall, ACL, VLAN, routing, switching.)
2. Topics: Network concepts, routing, switching, VLANs
3. Tools: Cisco Packet Tracer, GNS3
4. CCNA Routing and Switching Complete Study Guide
step 5
1. Programming in C/C++, Python, Bash, PowerShell (As a red teamer, you might develop or customize tools. For TTP tests, proficiency in at least C++ is necessary. For advanced goals like developing C2, C/C++ assembly knowledge is beneficial. Additionally, familiarity with C# is advantageous.)
2. Topics: Basic programming concepts, scripting, automation
3. Automate the Boring Stuff with Python
4. Programming in C
5. Tools: Visual Studio Code, Git
6. Black Hat Python
7. Black Hat Bash
8. ADVANCED POWERSHELL FOR OFFENSIVE OPERATIONS
9. Offensive C#
step 6
1. OWASP Top 10 Web/API (As a red teamer, understanding common vulnerabilities in web applications and APIs is crucial. Exploiting web or API services is integral to some IA techniques.)
2. Topics: Web application vulnerabilities, API security
3. The Web Application Hacker's Handbook
4. Tools: Burp Suite, OWASP ZAP
5. OWASP Top 10 API Security Risks
6. OWASP Top Ten
7. OWASP Web Security Testing Guide
8. SEC542: Web App Penetration Testing and Ethical Hacking
step 7
1. Network Penetration Testing (Red teamers should be proficient in discovering vulnerabilities using scanners and exploiting known vulnerabilities.)
2. Topics: Vulnerability scanning, exploit development, wireless hacking, cloud hacking
3. Metasploit: The Penetration Tester's Guide
4. Tools: Metasploit, Nessus
5. SEC560: Enterprise Penetration Testing
6. SEC580: Metasploit for Enterprise Penetration Testing
7. SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
step 8
1. Windows Internals (Understanding Windows internals is essential before delving into working with tools or exploiting AD.)
2. Topics: Windows architecture, registry, processes
3. Windows Internals: System architecture, processes, threads, memory management, and more, Part 1
4. Tools: Process Explorer, Registry Editor
5. Windows Internals, Part 1: User Mode
step 9
1. Linux Internals (In enterprise networks, Linux OSes are prevalent. Red teamers should be familiar with Linux internals for exercises.)
2. Topics: Linux kernel, system calls, memory management
3. Understanding the Linux Kernel
4. Tools: strace, sysdig
5. Linux Internals Simplified: A beginners guide to Linux Internals
step 10
1. macOS Internals (macOS is widely used in many organizations. Understanding macOS internals is crucial, particularly in regions where it's popular.)
2. Topics: macOS architecture, filesystem, security mechanisms
3. References: "Mac OS X Internals: A Systems Approach" by Amit Singh
4. Tools: dtrace, fs_usage
5. https://www.amazon.de/-/en/Jonathan-Levin/dp/1118057651
6. MacOS and iOS Internals, Volume I
step 11
1. OSCP Pen200 (This course covers tools for discovering vulnerabilities and exploiting them. Previous knowledge from steps 0-10 provides a foundation for success in this exam.)
2. Topics: Penetration testing methodology, privilege escalation, buffer overflows
3. References: Offensive Security's PWK course material
4. Tools: Kali Linux tools (e.g., Hydra, Nmap), exploit-db
5. PEN-200: Penetration Testing with Kali Linux
step 12
1. Red Team Frameworks (Understanding MITRE ATT&CK tactics and techniques is crucial. Practice with Caldera, Atomic Red Team, and Cobalt Strike for emulating TTP.)
2. Topics: MITRE ATT&CK framework, adversary emulation, Cyber Threat Intelligence, social engineering, physical Red Team
3. MITRE ATT&CK website
4. Tools: Atomic Red Team, Cobalt Strike
5. Enterprise Matrix
6. SEC565: Red Team Operations and Adversary Emulation
7. The Red Team Field Manual
step 13/14
1. Optional steps (Courses CRTP/CRTE focus on AD exploitation. Reviewing these resources ensures proficiency in all techniques relevant to AD exploitation.)
2. Topics: Active Directory exploitation, post-exploitation techniques
3. References: Pentester Academy's CRTP/CRTE course material
4. Tools: BloodHound, PowerSploit
5. Active Directory Security
6. Adversary Simulation and Red Team Operations.
7. Defence Evasion Tactics
step 15
1. OSEP PEN300 (This course covers advanced evasion techniques and Windows kernel exploitation. Proficiency in Windows internals and C++ is necessary.)
2. Topics: Advanced evasion techniques, Windows kernel exploitation
3. References: Offensive Security's OSEP course material
4. Tools: Custom shellcode, immunity debugger
5. PEN-300: Advanced Evasion Techniques and Breaching Defenses
step 16
1. Exploit Development (Senior red teamers should be proficient in discovering and modifying exploits. Mastery of concepts covered in previous steps is essential.)
2. Topics: Reverse engineering, heap exploitation
3. Hacking: The Art of Exploitation
4. Tools: IDA Pro, Immunity Debugger, windbg, Ghidra
5. EXP-301: Windows User Mode Exploit Development
6. EXP-312: Advanced macOS Control Bypasses
7. EXP-401: Advanced Windows Exploitation
8. SEC760: Advanced Exploit Development for Penetration Testers
9. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
step 17
1. Malware Development (Proficiency in developing and customizing C2 is essential for enterprise networks. Before proceeding, ensure SIEM FP levels are adequate.)
2. Topics: Malware analysis, C2 frameworks
3. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
4. Malware Analyst's Cookbook: Tools and Techniques for Fighting Malicious Code
5. Tools: Cobalt Strike, Metasploit, Veil
6. RED TEAM Operator: Malware Development Essentials
7. RED TEAM Operator: Malware Development Intermediate
8. RED TEAM Operator: Malware Development Advanced - Vol.1
9. C2 Development in C#
10. Offensive Driver Development
step 18
1. Offensive Security Tools Developer (Red teamers should be capable of developing or customizing tools for engagements.)
2. Topics: Network protocol analysis, tool customization
3. Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology
4. Black Hat Python: Python Programming for Hackers and Pentesters
5. Tools: Scapy, custom Python scripts
6. SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
Basic Concepts
Linux Concepts
Active Directory
Network Infrastructure
Programming skills
Web Application Hacking
Network Hacking
OS Internals
Basic Penetration skill
Adversary Emulation & Simulation
Active directory hacking
Art of evasion
Reverse engineering & Exploitation
Malware development
OST
Soheil Hashemi (soheilsec)
1. YouTube
2. Twitter
3. Telegram
4. Website
Junior Level in a nutshell
1. OS internals
2. Basic Penetration skill
3. Adversary Emulation & Simulation
4. Active directory hacking
Senior Level in a nutshell
1. Reverse engineering & Exploitation
2. Malware development
3. OST
Intern Level in a nutshell
1. Basic Concepts
2. Linux Concepts
3. Active Directory
4. Network Infrastructure
5. Programming skills
6. Web Application Hacking
7. Network Hacking