RED TEAM LAB

Think like an attacker. Break to understand. Master offensive security through hands-on exploitation of networks, Active Directory, and modern infrastructure.

⚠️ OFFENSIVE SECURITY — Educational Use Only — Stay Legal

Offensive Kill Chain

RECON

INITIAL ACCESS

PERSISTENCE

LATERAL MOVEMENT

EXFILTRATION

Exploits Mastered

Attack Coverage

Attack Vectors

2/5

Phases Complete

Network Attacks

Layer 2/3 exploitation and traffic interception

ARP Spoofing

Poison the network. Become the man in the middle. Intercept everything.

BEGINNER

Man-in-the-Middle

Ghost the wire. Read, modify, inject. They will never know you were there.

INTERMEDIATE

DNS Spoofing

Control their DNS. Redirect traffic to your infrastructure. They click, you own them.

BEGINNER

IP Spoofing

Forge your identity. Spoof the source. Attack from shadows.

INTERMEDIATE

Active Directory Attacks

Kerberos exploitation and domain persistence

Kerberoasting

Request service tickets. Crack offline. Domain credentials are yours.

ADVANCED

Pass-the-Hash

Hash is all you need. No password required. Authenticate as anyone.

ADVANCED

Golden & Silver Ticket

Forge Kerberos tickets. Domain persistence for years. Total control.

ADVANCED

AS-REP Roasting

No credentials needed. Target preauth-disabled accounts. Extract hashes anonymously.

ADVANCED

LLMNR Poisoning

Listen for broadcasts. Poison responses. Capture NTLMv2 hashes passively.

INTERMEDIATE

BloodHound

Map AD attack paths. Find shortest path to Domain Admin. Visualize ACL abuse opportunities.

ADVANCED

Lateral Movement

Move through the network. Escalate privileges. Maintain persistence.

PSExec

Execute commands remotely via SMB. Living off the land. Lateral movement made easy.

INTERMEDIATE

WMI Execution

Execute commands via DCOM/RPC. No file writes, no services. Stealthier than PSExec.

INTERMEDIATE

Remote Services

Access systems via RDP, WinRM, SSH. Interactive sessions for lateral movement.

INTERMEDIATE

Token Impersonation

Steal tokens from processes. Impersonate high-privilege users. Escalate without passwords.

ADVANCED

Web Exploitation

OWASP Top 10. Application vulnerabilities. Client and server-side attacks.

SQL Injection

Manipulate database queries. Extract data. Execute commands. OWASP Top 10 #1.

INTERMEDIATE

Cross-Site Scripting (XSS)

Inject malicious scripts. Steal sessions. Deface websites. Client-side code execution.

INTERMEDIATE

CSRF (Cross-Site Request Forgery)

Force authenticated users to execute unwanted actions. State-changing attacks.

INTERMEDIATE

File Upload Bypass

Upload malicious files. Bypass filters. Execute code. Web shells and backdoors.

ADVANCED

Password Cracking

Offline hash cracking. GPU acceleration. Dictionary and brute-force attacks.

John the Ripper

Crack passwords offline. 500+ hash formats. Dictionary, brute-force, and hybrid attacks.

INTERMEDIATE

Hashcat

GPU-accelerated cracking at 200 GH/s. Rules engine. Distributed cracking for massive wordlists.

ADVANCED

Wireless Attacks

Wi-Fi exploitation. WPA/WPA2 cracking. Deauth attacks. Evil twin.

Wi-Fi Deauth Attacks

Disconnect clients from APs. Force handshake capture. Evil twin attacks. Denial of service.

INTERMEDIATE

Aircrack-ng

Crack WPA/WPA2 passwords. Capture handshakes. Dictionary and brute-force attacks.

ADVANCED

Airodump-ng

Capture 802.11 frames. Monitor all channels. Identify targets and capture handshakes.

INTERMEDIATE

WPS PIN Attacks

Brute force WPS PINs. Reaver and Bully. Bypass WPA2 through router misconfiguration.

ADVANCED

Exploitation Frameworks

Metasploit. PowerShell Empire. Post-exploitation. Fileless attacks.

Metasploit Framework

Exploit database. msfconsole. Meterpreter shells. Post-exploitation and privilege escalation.

ADVANCED

PowerShell Empire

Pure PowerShell post-exploitation. Fileless attacks. Living off the land. Evade AV/EDR.

ADVANCED

Essential Red Team Resources

MITRE ATT&CK

Global knowledge base of adversary tactics and techniques. Map your offensive operations to real-world APT behaviors.

TTPsKill ChainAPT Mapping

Shodan

Internet-connected device search engine. Discover exposed services, vulnerable systems, and reconnaissance targets worldwide.

OSINTReconAttack Surface

Level Up Your Red Team Skills

Practice attacks on real systems and use professional offensive security tools

HackTheBox

Practice Platform

Practice these Red Team attacks on real vulnerable machines. 180+ active boxes to pwn.

The terminal built for this. AI command suggestions, workflows, and agent mode for offensive ops.

The AI code editor I switched to. Context-aware completions, chat, and agent mode for faster development.

Learn web application attack vectors. OWASP Top 10 vulnerabilities, tools, and testing methodologies.

Promoting our new tool to the dev team. Experience the next generation of development velocity.

EARLY ACCESS

Learn more →

Your Progress

RED TEAM LAB

Offensive Kill Chain

Network Attacks

ARP Spoofing

Man-in-the-Middle

DNS Spoofing

IP Spoofing

Active Directory Attacks

Kerberoasting

Pass-the-Hash

Golden & Silver Ticket

AS-REP Roasting

LLMNR Poisoning

BloodHound

Lateral Movement

PSExec

WMI Execution

Remote Services

Token Impersonation

Web Exploitation

SQL Injection

Cross-Site Scripting (XSS)

CSRF (Cross-Site Request Forgery)

File Upload Bypass

Password Cracking

John the Ripper

Hashcat

Wireless Attacks

Wi-Fi Deauth Attacks

Aircrack-ng

Airodump-ng

WPS PIN Attacks

Exploitation Frameworks

Metasploit Framework

PowerShell Empire

Essential Red Team Resources

MITRE ATT&CK

Shodan

Level Up Your Red Team Skills