RadvanSec
نقشه راه رد تیم @kali_siganl.pdf
🚩 Red Team Learning Roadmap
Phase 0 – Foundations
🎯 Goal: Build strong fundamentals before touching offensive tools.
- Operating Systems:
- Linux: Bash scripting, permissions, networking commands (ip, netstat, ss)
- Windows: PowerShell, registry, Windows services
- Practice: TryHackMe – Linux & Windows Fundamentals
- Networking Basics:
- TCP/IP, DNS, DHCP, VPN, routing, firewalls
- Tools: Wireshark, tcpdump, nmap basics
- Programming:
- Python (automation, HTTP requests, socket programming)
- Bash scripting
- PowerShell scripting
Phase 1 – OSINT & Recon
🎯 Goal: Master information gathering before exploitation.
- Passive Recon: Shodan, Censys, Maltego, SpiderFoot, Google Dorking
- Active Recon: Nmap, Masscan, Amass, Subfinder
- Threat Intelligence: Breach data search (Dehashed, HaveIBeenPwned)
- Practice: Capture company footprint in HackTheBox or simulated labs
Phase 2 – Initial Access Skills (2–3 months)
🎯 Goal: Learn all possible ways to gain a foothold.
- Social Engineering:
- Phishing frameworks: Gophish, Evilginx2
- Payload delivery (macro documents, LNK files, HTA payloads)
- Exploitation:
- Web vulnerabilities (SQLi, XSS, RCE)
- Network services attacks (SMB, RDP, SSH, VPN)
- Credential Attacks:
- Password spraying, brute forcing, credential stuffing
- Tools: Hydra, CrackMapExec, Rubeus
Phase 3 – Foothold & C2
🎯 Goal: Learn how to stay inside the target network.
- C2 Frameworks: Cobalt Strike, Sliver, Mythic, Metasploit
- Persistence: Scheduled tasks, cron jobs, registry keys
- Custom Payload Development: Obfuscation techniques, EDR/antivirus evasion
Phase 4 – Privilege Escalation
🎯 Goal: Move from user to administrator/system level.
- Windows PrivEsc: UAC bypass, Kerberoasting, token impersonation
- Linux PrivEsc: Sudo misconfig, kernel exploits, capabilities abuse
- Tools: winPEAS, linPEAS, Seatbelt, PrivescCheck
Phase 5 – Internal Network Attacks (2 months)
🎯 Goal: Dominate inside networks.
- Active Directory Attacks:
- Enumeration: BloodHound, SharpHound
- Attacks: Pass-the-Hash, Pass-the-Ticket, DCSync, DCShadow
- Lateral Movement: WMI, PsExec, RDP hijacking
- Pivoting: Chisel, Socat, SSHuttle
Phase 6 – Data Exfiltration & Anti-Forensics (1 month)
🎯 Goal: Extract data and hide traces.
- Exfiltration: HTTP/DNS tunneling, ICMP exfil, cloud sync (Rclone)
- Covering Tracks: Clearing logs, timestomping, deleting artefacts
Phase 7 – Adversary Simulation & APT Tactics
🎯 Goal: Operate like advanced threat groups.
- Threat emulation frameworks: Caldera, MITRE ATT&CK, Red Team Automation
- Simulate campaigns of APT28, APT29, FIN7, etc.
- Combine all learned skills into multi-stage scenarios
#RedTeam #CyberSecurity #Hacking #OSINT #PrivilegeEscalation #C2 #APT #HackTheBox #CyberOps
⭐️ @ZeroSec_team
Phase 0 – Foundations
🎯 Goal: Build strong fundamentals before touching offensive tools.
- Operating Systems:
- Linux: Bash scripting, permissions, networking commands (ip, netstat, ss)
- Windows: PowerShell, registry, Windows services
- Practice: TryHackMe – Linux & Windows Fundamentals
- Networking Basics:
- TCP/IP, DNS, DHCP, VPN, routing, firewalls
- Tools: Wireshark, tcpdump, nmap basics
- Programming:
- Python (automation, HTTP requests, socket programming)
- Bash scripting
- PowerShell scripting
Phase 1 – OSINT & Recon
🎯 Goal: Master information gathering before exploitation.
- Passive Recon: Shodan, Censys, Maltego, SpiderFoot, Google Dorking
- Active Recon: Nmap, Masscan, Amass, Subfinder
- Threat Intelligence: Breach data search (Dehashed, HaveIBeenPwned)
- Practice: Capture company footprint in HackTheBox or simulated labs
Phase 2 – Initial Access Skills (2–3 months)
🎯 Goal: Learn all possible ways to gain a foothold.
- Social Engineering:
- Phishing frameworks: Gophish, Evilginx2
- Payload delivery (macro documents, LNK files, HTA payloads)
- Exploitation:
- Web vulnerabilities (SQLi, XSS, RCE)
- Network services attacks (SMB, RDP, SSH, VPN)
- Credential Attacks:
- Password spraying, brute forcing, credential stuffing
- Tools: Hydra, CrackMapExec, Rubeus
Phase 3 – Foothold & C2
🎯 Goal: Learn how to stay inside the target network.
- C2 Frameworks: Cobalt Strike, Sliver, Mythic, Metasploit
- Persistence: Scheduled tasks, cron jobs, registry keys
- Custom Payload Development: Obfuscation techniques, EDR/antivirus evasion
Phase 4 – Privilege Escalation
🎯 Goal: Move from user to administrator/system level.
- Windows PrivEsc: UAC bypass, Kerberoasting, token impersonation
- Linux PrivEsc: Sudo misconfig, kernel exploits, capabilities abuse
- Tools: winPEAS, linPEAS, Seatbelt, PrivescCheck
Phase 5 – Internal Network Attacks (2 months)
🎯 Goal: Dominate inside networks.
- Active Directory Attacks:
- Enumeration: BloodHound, SharpHound
- Attacks: Pass-the-Hash, Pass-the-Ticket, DCSync, DCShadow
- Lateral Movement: WMI, PsExec, RDP hijacking
- Pivoting: Chisel, Socat, SSHuttle
Phase 6 – Data Exfiltration & Anti-Forensics (1 month)
🎯 Goal: Extract data and hide traces.
- Exfiltration: HTTP/DNS tunneling, ICMP exfil, cloud sync (Rclone)
- Covering Tracks: Clearing logs, timestomping, deleting artefacts
Phase 7 – Adversary Simulation & APT Tactics
🎯 Goal: Operate like advanced threat groups.
- Threat emulation frameworks: Caldera, MITRE ATT&CK, Red Team Automation
- Simulate campaigns of APT28, APT29, FIN7, etc.
- Combine all learned skills into multi-stage scenarios
#RedTeam #CyberSecurity #Hacking #OSINT #PrivilegeEscalation #C2 #APT #HackTheBox #CyberOps
⭐️ @ZeroSec_team
❤3🤣3👍1
RadvanSec
نقشه راه رد تیم @kali_siganl.pdf
Phase 0 – Core Foundations (1–2 months)
Goal: Build strong OS, networking, and scripting basics before offensive work.
- Linux Fundamentals → TryHackMe – Linux Fundamentals
- Windows Fundamentals → TryHackMe – Windows Fundamentals
- Networking Basics → TCM Security – Practical Networking for Hackers
- Scripting → Python for Pentesters (TCM), PowerShell Basics (Pentester Academy)
- Security Mindset → Read "The Hacker Playbook 2" & "3"
Phase 1 – Web Application Penetration Testing (2–3 months)
Goal: Master exploiting and initial access through web apps.
- Burp Suite Mastery → PortSwigger Web Security Academy (all labs)
- Advanced Web Exploitation → PentesterLab Pro, Bug Bounty Bootcamp
- Web Red Team Labs → HackTheBox (Web Challenges), VulnHub (DVWA, Mutillidae, Juice Shop)
- Exploit Chaining → Combine SSRF + RCE + LFI for pivoting
Phase 2 – Network & Infrastructure Penetration Testing (2–3 months)
Goal: Learn external & internal network exploitation.
- External/Internal Pentesting → TCM – Practical Ethical Hacking
- Active Directory Attacks → Pentester Academy – Attacking & Defending Active Directory
- Windows Privilege Escalation → TCM – Windows Privilege Escalation
- Linux Privilege Escalation → TCM – Linux Privilege Escalation
- Pivoting & Tunneling → HackTheBox "Pivoting" labs
Phase 3 – Advanced Red Team Ops (2–3 months)
Goal: Real-world Red Team operations & stealth techniques.
- SANS 540 – Enterprise Penetration Testing
- Initial Access Techniques → Phishing, Watering Hole, Supply Chain Attacks
- C2 Frameworks → Cobalt Strike, Sliver, Mythic C2
- Lateral Movement → Pass-the-Hash, Kerberoasting, DCSync
- Data Exfiltration → HTTP/DNS tunneling, Cloud exfiltration
- MITRE ATT&CK Mapping
Phase 4 – Malware Development & Evasion (1–2 months)
Goal: Create custom tools to bypass defenses.
- Sektor7 – Malware Development Essentials
- Sektor7 – Advanced Malware Development
- Sektor7 – AV/EDR Evasion
- Shellcode Development → Offensive Security Exploitation Expert materials
- Custom Droppers & Loaders
Phase 5 – Cloud Red Teaming (1–2 months)
Goal: Exploit modern cloud environments.
- AWS & Azure Red Teaming → SANS 560 or AWS Goat Labs
- Cloud Pentesting → IAM misconfigurations & attack paths
- Hybrid Attack Simulation → On-prem to Cloud lateral movement
Phase 6 – Full Adversary Simulation (Ongoing)
Goal: Execute complete campaigns, mimic nation-state APTs.
- Build full lab with AD + Cloud + Perimeter + Security controls
- Run APT simulations (APT29, APT41, FIN7)
- Purple Teaming → Tools like Caldera, Atomic Red Team
- Reporting → Executive & Technical reports for engagements
Suggested Tool Mastery Throughout Roadmap:
- Recon: Nmap, Nessus, SpiderFoot, Recon-ng
- Exploitation: Metasploit, custom exploits, manual techniques
- C2: Cobalt Strike, Sliver, Mythic, Covenant
- Evasion: Obfuscation, LOLbins
- Scripting: Python, PowerShell, Bash
- Cloud: AWS CLI, Azure CLI, GCP tools
#RedTeam #CyberSecurity #Hacking #OSINT #PrivilegeEscalation #C2 #APT #HackTheBox #CyberOps
⭐️ @ZeroSec_team
Goal: Build strong OS, networking, and scripting basics before offensive work.
- Linux Fundamentals → TryHackMe – Linux Fundamentals
- Windows Fundamentals → TryHackMe – Windows Fundamentals
- Networking Basics → TCM Security – Practical Networking for Hackers
- Scripting → Python for Pentesters (TCM), PowerShell Basics (Pentester Academy)
- Security Mindset → Read "The Hacker Playbook 2" & "3"
Phase 1 – Web Application Penetration Testing (2–3 months)
Goal: Master exploiting and initial access through web apps.
- Burp Suite Mastery → PortSwigger Web Security Academy (all labs)
- Advanced Web Exploitation → PentesterLab Pro, Bug Bounty Bootcamp
- Web Red Team Labs → HackTheBox (Web Challenges), VulnHub (DVWA, Mutillidae, Juice Shop)
- Exploit Chaining → Combine SSRF + RCE + LFI for pivoting
Phase 2 – Network & Infrastructure Penetration Testing (2–3 months)
Goal: Learn external & internal network exploitation.
- External/Internal Pentesting → TCM – Practical Ethical Hacking
- Active Directory Attacks → Pentester Academy – Attacking & Defending Active Directory
- Windows Privilege Escalation → TCM – Windows Privilege Escalation
- Linux Privilege Escalation → TCM – Linux Privilege Escalation
- Pivoting & Tunneling → HackTheBox "Pivoting" labs
Phase 3 – Advanced Red Team Ops (2–3 months)
Goal: Real-world Red Team operations & stealth techniques.
- SANS 540 – Enterprise Penetration Testing
- Initial Access Techniques → Phishing, Watering Hole, Supply Chain Attacks
- C2 Frameworks → Cobalt Strike, Sliver, Mythic C2
- Lateral Movement → Pass-the-Hash, Kerberoasting, DCSync
- Data Exfiltration → HTTP/DNS tunneling, Cloud exfiltration
- MITRE ATT&CK Mapping
Phase 4 – Malware Development & Evasion (1–2 months)
Goal: Create custom tools to bypass defenses.
- Sektor7 – Malware Development Essentials
- Sektor7 – Advanced Malware Development
- Sektor7 – AV/EDR Evasion
- Shellcode Development → Offensive Security Exploitation Expert materials
- Custom Droppers & Loaders
Phase 5 – Cloud Red Teaming (1–2 months)
Goal: Exploit modern cloud environments.
- AWS & Azure Red Teaming → SANS 560 or AWS Goat Labs
- Cloud Pentesting → IAM misconfigurations & attack paths
- Hybrid Attack Simulation → On-prem to Cloud lateral movement
Phase 6 – Full Adversary Simulation (Ongoing)
Goal: Execute complete campaigns, mimic nation-state APTs.
- Build full lab with AD + Cloud + Perimeter + Security controls
- Run APT simulations (APT29, APT41, FIN7)
- Purple Teaming → Tools like Caldera, Atomic Red Team
- Reporting → Executive & Technical reports for engagements
Suggested Tool Mastery Throughout Roadmap:
- Recon: Nmap, Nessus, SpiderFoot, Recon-ng
- Exploitation: Metasploit, custom exploits, manual techniques
- C2: Cobalt Strike, Sliver, Mythic, Covenant
- Evasion: Obfuscation, LOLbins
- Scripting: Python, PowerShell, Bash
- Cloud: AWS CLI, Azure CLI, GCP tools
#RedTeam #CyberSecurity #Hacking #OSINT #PrivilegeEscalation #C2 #APT #HackTheBox #CyberOps
⭐️ @ZeroSec_team
👍3❤1
🪲 #H2C Upgrade Bypass
Target: Applications using HTTP/2 Cleartext (h2c) upgrades.
The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.
How to Test:
1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).
2. Send an initial HTTP/1.1 request with the upgrade header:
3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.
4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.
Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.
#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
⭐️ @Zerosec_team
Target: Applications using HTTP/2 Cleartext (h2c) upgrades.
The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.
How to Test:
1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).
2. Send an initial HTTP/1.1 request with the upgrade header:
GET / HTTP/1.1
Host: example.com
Upgrade: h2c
Connection: Upgrade
3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.
4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.
Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.
#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
⭐️ @Zerosec_team
❤4
In this video, we solve the PortSwigger Web LLM Attack lab step by step.
🔹 Learn what Web LLM Attack is
🔹 See how to exploit it on the PortSwigger lab
🔹 Understand how this vulnerability can be applied in real-world scenarios
This video is perfect for anyone looking to improve their skills in web hacking, bug bounty, and penetration testing.
📌 Topics & Tags:
#WebLLMAttack #PortSwigger #WebSecurity #BugBounty #Hacking
💡 Tip: Don’t forget to like, comment, and subscribe for more web security tutorials!
https://www.youtube.com/watch?v=-UdUgl0pv4w
⭐️ @ZeroSec_team
🔹 Learn what Web LLM Attack is
🔹 See how to exploit it on the PortSwigger lab
🔹 Understand how this vulnerability can be applied in real-world scenarios
This video is perfect for anyone looking to improve their skills in web hacking, bug bounty, and penetration testing.
📌 Topics & Tags:
#WebLLMAttack #PortSwigger #WebSecurity #BugBounty #Hacking
💡 Tip: Don’t forget to like, comment, and subscribe for more web security tutorials!
https://www.youtube.com/watch?v=-UdUgl0pv4w
⭐️ @ZeroSec_team
❤2🔥1👌1