Sharpen your Red Team skills: Outsmart detection

OffSec Learning Path: Red Teaming

Go beyond penetration testing: learn advanced techniques to emulate real-world adversaries. Master event tracing, obscure Windows event logs, and execute stealthy process injection to refine your Red Team arsenal. Learners will:

Embrace the adversary mindset and master Red Teaming concepts to emulate shrewd threats throughout the attack lifecycle
Obscure malicious activity by manipulating Windows Event Tracing
Develop robust Red Team tooling for evading detection

Get Started

Hero image for Sharpen your Red Team skills: Outsmart detection

Enhance your Red Team operations

This Learning Path equips you with the knowledge to conduct sophisticated Red Team engagements. Understand the core differences between penetration testing and Red Team operations, then learn stealthy attack techniques like impairing Event Tracing for Windows (ETW), tampering with event logs, and executing process injection to effectively simulate real-world adversaries and assess your organization's detection capabilities and defense gaps.

Who is this Learning Path for?

Red Team operators seeking to refine their evasion skills
Penetration testers aiming to transition into Red Team roles
Security professionals looking to simulate real-world adversary techniques

Learning objectives

Understand core Red Teaming concepts and methodologies
Learn the inner workings of Event Tracing for Windows (ETW) in user and kernel modes
Learn advanced Windows event log tampering techniques and automate the process
Develop proficiency in stealthy process injection methods to evade detection

Key modules in the Red Teaming Learning Path

Introduction to Red Teaming

Introduction to Red Teaming concepts and comparison to Pentesting and Vulnerability assessments

Impairing Event Tracing for Windows (ETW) in User Mode

Bypassing ETW logging via user mode techniques, while leaving minimal detection footprints

Impairing Event Tracing for Windows (ETW) in Kernel Mode

Bypassing ETW logging via kernel mode techniques, while leaving minimal detection footprints

Windows Event Log Tampering Techniques

Discussing and implementing techniques to disrupt the EventLog service or to edit Windows Log files by building tools in C#

Automating Event Log Tampering

Bundling the techniques introduced in the Module "Windows Event Log Tampering Techniques" into a standalone tool that can be used in real red team assessments to hide the tracks of an operator

Process Injection For Red Teamers

Performing process injection while evading advanced detection systems such as EDRs

View full syllabus

Red Teaming overview

modules

hours of content (approx.)

labs

Earning an OffSec Learning Badge

Showcase your growing Red Team proficiency! Upon completing 80% of the Red Teaming Learning Path, you'll receive an exclusive OffSec badge signifying:

Red Team expertise: Proven knowledge of stealthy Red Team tactics
Industry recognition: Adds a powerful OffSec credential to your skillset
Hands-on skill: Demonstrated ability to execute real-world evasion techniques