Red Team Operations

FC-05

Full Red Team operation cycle based on MITRE ATT&CK. Sliver and Havoc C2, Initial Access via phishing, AD attacks, AV/EDR Evasion and OPSEC. Requires FC-03 and FC-04.

50 lessons10 modulesAdvanced4 themes

Start Learning ← All Courses

ReconnaissanceOSINT · Shodan · Recon-ng

Initial AccessPhishing · Exploit · BadUSB

C2 & ExecutionSliver · Cobalt Strike · Beacon

Lateral MovementBloodHound · PsExec · PTH

PersistenceRegistry · WMI · Scheduled Tasks

ExfiltrationDNS tunnel · C2 · HTTPS

Why Red Team is the pinnacle of offensive security

Numbers that explain everything

287days — average time to detect an APT in a corporate network

98%of Red Team operations find critical vulnerabilities within 72 hours

$150K+annual salary for a Senior Red Team Engineer in the US

11 minfrom initial access to Domain Admin for an experienced Red Teamer

After the course you will be able to

Not theory — real APT techniques used by professional Red Team operators

🎯Execute a full Red Team kill chain following MITRE ATT&CK — from planning to exfiltration

🎣Create a phishing campaign with weaponized documents (macros, LNK, HTA) and social engineering

🕵️Set up a Sliver or Havoc C2 framework and manage agents over DNS and HTTPS

🔑Achieve Domain Admin via Kerberoasting, Pass-the-Hash, DCSync and Golden Ticket

👻Establish persistence: Registry Run Keys, WMI Subscriptions, COM Hijacking

🦅Bypass EDR using AMSI bypass, Direct Syscalls, Process Hollowing and shellcode encryption

📡Exfiltrate data via DNS tunneling and C2 HTTPS — without IDS detection

📋Write a professional Red Team report: Executive Summary, TTPs mapped to ATT&CK, recommendations

Real operations in the course

We analyze techniques of real APT groups and apply them in legal lab environments

APT case2020

SolarWinds — 18,000 companies via supply chain

APT29 (Cozy Bear) planted the SUNBURST backdoor in official SolarWinds Orion updates. 18 months of undetected access to US government and Fortune 500 networks. A classic supply chain attack.

Lesson 7 · Supply chain attacks and OPSEC

Red Team case2019

MITRE ATT&CK — how a real Red Team exfiltrated data from a bank

MITRE conducted a Red Team operation against a major bank. In 5 days: initial access via spear phishing, lateral movement through AD, exfiltration of 2 TB of data — all undetected by Blue Team.

Lesson 32 · Full operation cycle

Success story2022

Joe Vest — $300K for a single Red Team operation

NSA veteran and VECTR creator Joe Vest demonstrated how solid methodology and reporting turn a Red Team specialist into a $300K+ per-project consultant for Fortune 100.

Lesson 48 · Monetization and career in Red Team

Course Program

10 modules · 50 lessons · 4 themes: Red Team Basics, Initial Access & C2, Lateral Movement & Evasion, Exfiltration & OPSEC

Where this course leads

FC-05 — the pinnacle of offensive security and entry into the elite Red Team market

$8,000 — $20,000/mo

Red Team Lead

Lead Red Team operations against enterprise clients. The highest level of offensive security.

Cobalt StrikeAD attacksOPSECC2

Track:FC-05 → MC-05 → Red Team Lead

$5,000 — $12,000/mo

APT / Threat Intel Researcher

Study tactics of APT groups, emulate them to test organizational defenses. Work in Threat Intel teams.

MITRE ATT&CKMalware AnalysisTTP emulationReporting

Track:FC-05 → FC-07 → Threat Intel

$3,500 — $10,000/mo

Pentest Consultant

Conduct comprehensive pentests for enterprise clients. FC-05 is the transition from junior to consultant.

Full kill chainADWebCloud

Track:FC-03 → FC-04 → FC-05 → Consultant

Who this course is for

⚔️

After FC-03 and FC-04

Completed web hacking and network security and want to advance to full Red Team operations against enterprise targets

🔴

Pentesters

Doing classic pentests and want to move to Red Team level: C2 frameworks, OPSEC, EDR bypass and full kill chain

🏆

Elite career

Want to work in Red Teams of top companies or build your own team with $150K+ annual income

Become a Red Team
specialist
at the elite level

55 hours with Cobalt Strike, Sliver, BloodHound and Mimikatz. Real APT scenarios in a secure lab environment.

Start Learning ← All Courses

FC-05● Available

Level: advanced

50 lessons

video + practice

55 hours

of content

10 modules

by topic

3 themes

Recon → C2 → EDR Bypass

Full Red Team kill chain in practice

C2 frameworks Cobalt Strike and Sliver

BloodHound + Mimikatz + DCSync

EDR bypass via AMSI bypass and syscalls