Offensive Security Engineering
- Description
- Curriculum
- FAQ
- Reviews
The Offensive Security Engineering course focuses on the hands on skills it takes to run the infrastructure operations behind a “Red Team”. This course will cover C2 frameworks such as Empire, Merlin, and even the Metasploit framework’s C2 capabilities. In addition this course will cover multiple scenarios that will require students to configure custom drop boxes, reverse VPN tunnels, phishing campaigns, and more.
This course is great for those who are already in IT or Security and are looking to expand their horizons to learn how the back end of an offensive security operation works. Whether you’re a software developer, system administrator, or a newfound penetration tester, this course is for you!
-
1
IntroductionCourse introduction. In this lecture the instructor introduces himself and goes over the course outline.
-
2
Terraform Primer
This lecture is a simple primer to help you configure and cover the fundamentals of Terraform.
-
3
Serverless Framework Primer
This lecture is a simple primer to help you configure and cover the fundamentals of the Serverless Framework.
-
4
AWS Primer
This lecture is a simple primer to help you configure AWS credentials and keys if you choose to follow along with the course material directly.
-
11
Infrastructure Operations
This lecture walks through the fundamental concepts of system administration in the context of DevOps. We explore tools like Terraform and Saltstack and explain the ideas of Infrastructure as Code and Desired State.
-
12
DevOps QuizThis quiz covers the concepts of infrastructure as code, desired state, and configuration management.
-
13
Red Teams
This lecture is a brief overview of what "Red Teaming" is and the purpose and value it provides.
-
14
Red Teaming Quiz
This is a simple 3 question quiz to make sure we are setting some fundamental truths right about offensive security testing. Only one of them was covered in the lecture you will need to research on your own to discover the answers to the rest!
-
17
Classic Exploitation
This lecture is a hands on walk through of setting up a simple C2 server with Terraform and Metasploit to conduct a classic exploitation scenario.
-
18
Classic Post-Exploitation
This lecture is a hands on walk through of performing some simple post-exploitation activities with Metasploit as our C2.
-
19
Configuring a Basic C2
-
20
The Dropbox
This lecture is a hands on walk through for configuring an OpenVPN based drop box scenario. Our drop box will make use of reverse VPN tunneling to give us remote access to an internal target network allowing use to compromise the systems within.
-
21
The Dropbox Post-Exploitation
This lecture we continue into the post-exploitation phase of the drop box scenario. This is a hands on walk through involving the configuration and use of the Empire C2 framework.
-
22
Configuring PwnDrop
This lecture covers the PwnDrop tool for hosting C2 implants as a lead into the next lecture where we will use it to serve Merlin C2 framework agents.
-
23
Using Merlin with PwnDrop
Using the PwnDrop tool to host a Merlin C2 agent to establish a post-exploitation presence on a compromised Windows host.
-
24
The Dropbox Assignment
-
25
Custom C2 Tooling Development
This lecture is a walk through on developing a custom C2 server and implant using python and golang.
-
26
Phishing Attacks - Configuring Gophish
This lecture goes over the primary scenario in this section and walks through configuring and using the Gophish platform for conducting a convincing phishing campaign.
-
27
C2 Redirectors with AWS Lambda
This lecture walks through the entire scenario end to end including configuring a custom golang based Lambda redirector for our custom C2 implant.
-
28
Make a Custom Implant and Implement C2 Redirectors
