Red Team Operations with Cobalt Strike is a free course on red team operations and adversary simulations. This course will provide the background and skills necessary to emulate an advanced threat actor with Cobalt Strike.

1. Operations

This course starts with an overview of the Cobalt Strike project, team server setup, and a deep dive into Cobalt Strike's model for long-term distributed operations. Logging and Reporting are covered as well.

2. Infrastructure

This lecture covers listener management and how to configure the various Beacon flavors. Ample time is devoted to redirectors, domain fronting, DNS Beacon setup, and infrastructure troubleshooting. The peer-to-peer SMB and TCP Beacons are covered here. External C2 is touched on.

3. C2

This video introduces Malleable C2, Cobalt Strike's domain-specific language to customize Beacon's network indicators. Egress and Network-level evasion are covered here as well as infrastructure OPSEC. This lecture concludes with a discussion on payload security.

4. Weaponization

Weaponization is combining a payload with an artifact or exploit that will run it. This lecture covers various ways to weaponize Cobalt Strike's Beacon payload. The Artifact Kit and Resource Kit are introduced. Ample time is devoted to the topic of tradecraft and how to get your payload into a safe-context for post-exploitation.

5. Initial Access

This lecture covers the client-side attack process, spear phishing, and tradecraft related to the delivery of phishes.

6. Post Exploitation

What happens once you get into a network? This video covers how to manage Beacons, pass sessions, run commands, exfiltrate data, log keystrokes, grab screenshots, and has a very healthy dose of post-exploitation tradecraft and theory.

7. Privilege Escalation

Privilege Escalation is elevating from standard user rights to full control of a system. This lecture introduces the Elevate Kit, covers the use of SharpUp to find misconfigurations, and how to elevate with credentials. Other topics include Kerberoasting (to potentially recover privileged credentials), how to bypass user account control, and how to elevate to SYSTEM. This lecture also discusses credential and hash harvesting with mimikatz.

8. Lateral Movement

Lateral Movement is abusing trust relationships to attack systems in an enterprise network. This video covers host and user enumeration, remote control of systems without using malware, and remote code execution with the Beacon payload. You'll also learn to steal tokens, use credentials, pass-the-hash, and generate Kerberos Golden Tickets.