A complete Red Team study & reference guide covering:
- Adversary emulation
- Offensive tradecraft
- Infrastructure & C2
- Operational security (OPSEC)
- Safety, governance, and reporting

Designed for:
- Red Team operators
- Adversary emulation specialists
- Purple Teamers learning offense
- Security professionals studying red team operations

Contents:
- Red Team Foundations
- Operational Methodology
- Reconnaissance & Initial Access
- Execution & Persistence
- Privilege Escalation & Lateral Movement
- Command & Control (C2)
- OPSEC & Safety
- Infrastructure & Tooling
- Cloud & Identity Attacks
- Reporting & Impact
- Red Team Labs & Practice
- Checklists
- Roadmaps
- Recommended Learning (YouTube & Online)
- Common Mistakes

Red Team Foundations:
- What is Red Teaming: https://www.sans.org/blog/what-is-red-teaming/
- MITRE ATT&CK (Enterprise): https://attack.mitre.org/
- Threat-led testing basics: https://www.mitre.org/news-insights/publication/adversary-emulation-plans
- Red Team Field Manual (RTFM): https://github.com/infosecn1nja/Red-Teaming-Toolkit
- Awesome Red Team: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

Operational Methodology:
- Red Team engagement lifecycle
- Rules of Engagement (RoE)
- Safety & deconfliction
- Stop conditions
- Red Team Operations & Governance: https://www.redteamleaders.com/
- Adversary Emulation Plans (MITRE): https://attack.mitre.org/resources/adversary-emulation-plans/

Reconnaissance & Initial Access:
- OSINT & attack surface mapping
- Phishing, password spraying, MFA abuse
- Web & identity-based access
- OSINT Framework: https://osintframework.com/
- Phishing fundamentals: https://www.sans.org/blog/phishing-techniques/
- Evilginx (AiTM): https://github.com/kgretzky/evilginx2

Execution & Persistence:
- Living-off-the-Land (LOTL)
- Persistence mechanisms
- Scheduled tasks, services, registry
- LOLBAS Project: https://lolbas-project.github.io/
- Persistence techniques (MITRE): https://attack.mitre.org/tactics/TA0003/

Privilege Escalation & Lateral Movement:
- Windows privilege escalation
- Credential access
- AD attack paths
- BloodHound: https://github.com/SpecterOps/BloodHound
- AD attack research: https://posts.specterops.io/
- PrivEsc techniques: https://gtfobins.github.io/

Command & Control (C2):
- Beaconing models
- Redirectors
- C2 OPSEC
- C2 Matrix: https://www.thec2matrix.com/
- Cobalt Strike overview: https://www.cobaltstrike.com/
- Sliver C2: https://github.com/BishopFox/sliver

OPSEC & Safety:
- Avoiding collateral damage
- Artifact handling
- Evidence minimization
- Abort mechanisms
- OPSEC fundamentals: https://en.wikipedia.org/wiki/Operations_security
- Red Team safety practices: https://www.sans.org/blog/red-team-safety/

Infrastructure & Tooling:
- VPS management
- Domain hygiene
- Redirector design
- Logging & takedown plans
- Red Team infrastructure guide: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
- AWS red team infra basics: https://github.com/RhinoSecurityLabs/pacu

Cloud & Identity Attacks:
- IAM abuse
- Token theft
- Control-plane attacks
- Stratus Red Team (Cloud): https://github.com/DataDog/stratus-red-team
- Azure attack paths: https://github.com/Azure/Cloud-Katana
- AWS attack research: https://github.com/RhinoSecurityLabs/cloudgoat

Reporting & Impact:
- Executive reporting
- Business impact framing
- Evidence & timelines
- Red Team reporting guide: https://www.sans.org/blog/how-to-write-a-red-team-report/

Red Team Labs & Practice:
- TryHackMe (Red Team paths): https://tryhackme.com/
- Hack The Box: https://www.hackthebox.com/
- VulnHub: https://www.vulnhub.com/

Checklists:
➡️ See: REDTEAM-CHECKLIST.md

Roadmaps:
➡️ See: REDTEAM-ROADMAP.md

Recommended Learning (YouTube & Online):
- IppSec (HTB walkthroughs): https://www.youtube.com/c/IppSec
- John Hammond: https://www.youtube.com/c/JohnHammond010
- InsiderPhD (Web attacks): https://www.youtube.com/c/InsiderPhD
- Black Hills InfoSec: https://www.youtube.com/c/BlackHillsInformationSecurity
- PortSwigger Web Security Academy: https://portswigger.net/web-security
- OWASP WebGoat: https://owasp.org/www-project-webgoat/

Common Mistakes:
- Tool-first thinking
- Ignoring OPSEC
- No authorization
- No cleanup
- No reporting discipline

For educational and authorized security testing only.