Your guide to learning and implementing red team tactics effectively

Key Features

• Target a complex enterprise environment in a red team activity
• Detect threats and respond to them with a real-world cyber attack simulation
• Explore advanced penetration testing tools and techniques

Book Description

Cybersecurity red teaming is used to enhance security by performing simulated attacks on an organization to detect network and system vulnerabilities. This book starts with an overview of pentesting and red teaming, and introduces you to some of the latest pentesting tools. You'll then explore Metasploit and get to grips with Armitage. Once you've studied the fundamentals, you'll learn how to use Cobalt Strike and set up its team server.

Hands-On Red Team Tactics covers some lesser known techniques for pivoting and helps you pivot over SSH, before using Cobalt Strike in a monitored environment. This guide demonstrates advanced post-exploitation methods and introduces you to Command and Control (C2) servers and redirectors, which will help you keep your team severs from getting detected. You'll achieve persistence using beacons and data exfiltration, and understand how to use red team activity tools, such as Empire, on Active Directory and Domain Controller. Furthermore, you'll be able to maintain persistent access, stay untraceable, and get reverse connections over different C2 covert channels.

By the end of this book, you'll be well versed with advanced penetration testing tools, techniques to get reverse shells over encrypted channels, and processes for post-exploitation.

What you will learn

• Get started with red team engagements using less common methods
• Explore a variety of post-exploitation techniques
• Get acquainted with all the tools and frameworks included in the Metasploit framework
• Discover how you can gain stealth access to systems via red teaming
• Understand the concept of redirectors to add further anonymity to your C2
• Work through a range of uncommon data exfiltration techniques

Who this book is for

Hands-On Red Team Tactics is for you if you are an IT professional, pentester, security consultant, or ethical hacker interested in the IT security domain and want to go beyond penetration testing. Prior knowledge of penetration testing will assist with understanding key concepts covered in this book.

Table of Contents

1. Red-Teaming and Pentesting
2. Pentesting 2018
3. Foreplay - Metasploit Basics
4. Getting Started with Cobalt Strike
5. ./ReverseShell
6. Pivoting
7. Age of Empire - The Beginning
8. Age of Empire - Owning Domain Controllers
9. Cobalt Strike - Red Team Operations
10. C2 - Master of Puppets
11. Obfuscating C2s - Introducing Redirectors
12. Achieving Persistence
13. Data Exfiltration

About the Author

Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in recovering his hacked accounts. He was a speaker at the international conference Botconf '13, CONFidence 2018 and RSA Singapore 2018. He also spoke at IEEE Conference as well as for TedX. Currently, he is the cofounder of BugsBounty, a crowd-sourced security platform.

Harpreet Singh has more than 5 years experience in the field of Ethical Hacking, Penetration Testing, and Red Teaming. In addition, he has performed red team engagement in multi-national banks and companies. Harpreet is a Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional (OSWP). He has trained 1500+ students including Govt. officials in International projects.