Red Team Professional - Week 1


I thought I would do a little write-up / review of this course as I have not seen any out there. I'll let you know my thoughts on the pros and cons of this course and what my thoughts are on it so far.

I really love how it simulates a real-world scenario. Pentester Academy uses the Assumption methodology, whereby they assume that you are already in the network, on a domain-joined computer. I have put in a lot of time this week. Some topics covered so far are Domain / User / Machine / Group Enumeration, User Hunting, Lateral Movement, BloodHound, ACLs and Trust Relationships.

The above diagram shows the cycle of attack a red teamer would follow once in the system. During the loop, I can see that a number of commands are being used again on different machines, like Invoke-Command, Invoke-UserHunter -CheckAccess etc., so I'm getting familiar with them.

Everything is going well so far; however, I am finding it difficult as it's all PowerShell. There is no Linux involved, and they say it's better to use the tools that are already provided on the machine you are on. They call it "Living off the land." To be honest, I do miss my shortcuts with Terminator on a Linux box :(

First thing is that it is NOTHING like the OSCP. There are no boxes to pop. You are given a VPN connection which connects you to a domain-joined computer (Windows Server 2016 Datacenter). From here, you will need to enumerate the different domains/forests, hunt for user/local admin credentials, obtain hashes by various methods such as Kerberoasting/Mimikatz etc., and move laterally to different machines where you can elevate your privileges to domain admin etc., with as little noise as possible, and bypass security controls such as AppLocker, Windows Defender and Constrained Language Mode.

Pentester Academy gives you PDF slides, Learning Objective answer slides/videos, 14 hours of video content and Learning Objective questions. For the Learning Objective questions, you can then practise what you have learned from the videos/PDF in the lab that is given. If you are stuck, you can look at the answers they give you or watch the video demonstrating how to complete the tasks.

To be honest, I have looked at a couple of videos because I have no idea how the syntax works in PowerShell. I keep thinking about doing this the OSCP way: try harder and knock myself out to find answers etc. But part of me wants to just learn this the normal way, go through it slowly and soak in PowerShell completely. It hasn't been a week yet. I'm taking today off and will be studying on the weekend, from tomorrow, for 24 hours in total. Hopefully I can get more done, and by the next update it will be a more positive blog!

What I have learned so far is that Red Teaming is a different beast compared to normal pentesting engagements, and that I'm loving every bit of it, even though I'm complaining about PowerShell.