Red Teaming is used to enhance security by performing simulated attacks on the organization in order to detect network and system vulnerabilities. Hands-On Red Team Tactics starts with an overview of pentesting and Red Teaming, before giving an introduction of few of the latest pentesting tools. You will then move on to exploring Metasploit and getting to grips with Armitage. Once you have studied the basics, you will understand Cobalt Strike basic, usage and how to set up a team server of Cobalt Strike.

You will discover some common lesser known techniques for pivoting and how to pivot over SSH, before using Cobalt Strike to pivot. This comprehensive guide demonstrates the advanced methods of post-exploitation using Cobalt Strike and introduces you to Command-and-control servers (C2) and Redirectors. All this will help you achieve persistence using Beacons and Data Exfiltration, and will also give you the chance to run through the methodology to use Red Team activity tools like Empire during a Red Team activity on Active Directory and Domain Controller.

By the end of the book, you will have learned advanced penetration testing tools, techniques to get reverse shells over encrypted channels and processes for post-exploitation. In addition to this, you will explore frameworks such as Empire which include maintaining persistent access, staying untraceable, and getting reverse connections over different C2 covert channels.

Hands-On Red Team Tactics is for you if you are an IT professional, pentester, security consultant, or ethical hacker interested in the IT security domain and wants to go beyond Penetration Testing. Prior knowledge of penetration testing is beneficial.

Chapter 1, Red-Teaming and Pentesting, helps you understand about different standards of pentesting followed across the industry, and we went through the seven phases of the PTES standard in detail.

Chapter 2, Pentesting 2018, introduces you to MSF Payload Creator (MSFPC). We will also look at the use of resource files which were generated by MSFPC besides the payload file

Chapter 3, Foreplay – Metasploit Basics, teaches you about team server and the Armitage client, including the setup and usage of Armitage.

Chapter 4, Getting Started with Cobalt Strike, starts by exploring the red-team exercise as well as the concept of the cyber kill chain, which can be used for an attack plan. The chapter then introduces you to Cobalt Strike, the tool that is used for red-team operations.

Chapter 5, ./ReverseShell, explores what a reverse connection and reverse shell connection is using various tools. Furthermore, we will try different payloads to get reverse shell connections using Metasploit.

Chapter 6, Pivoting, dives into port forwarding and its uses. We will also learn about pivoting and its uses, followed by methods of port forwarding via SSH.

Chapter 7, Age of Empire – The beginning, introduces you to Empire and its fundamentals. We will also cover Empire's basic usage and the post exploitation basics for Windows, Linux and OSX.

Chapter 8, Age of Empire – Owning Domain Controllers, delves into some more advanced uses of the Empire tool to get access to the Domain Controller.

Chapter 9, Cobalt Strike – Red Team Operations, teaches you about the listener module of Cobalt Strike along with its type and usage.

Chapter 10, C2 – Master of Puppets, provides an introduction to command and control (C2) servers and discussed how they are used in a red team operation.

Chapter 11, Obfuscate C2s – Introducing Redirectors, introduces you to redirectors and the reason why obfuscating C2s are required. We have also covered how we can obfuscate C2s in a secure manner so that we can protect our C2s from getting detected by the Blue team.

Chapter 12, Achieving Persistence, dives into achieving persistence using Armitage's inbuilt exploit modules, then we will learn how to do the same via Empire on Windows, Linux, and macOS machines.

Chapter 13, Data Exfiltration, discusses about some basic ways of transferring data using simple tools like Netcat, OpenSSL and PowerShell. Next, we jumped into transforming the data using text-based steganography to avoid detection, as well as looking at the usage of the CloakifyFactory tool.

The readers should have prior knowledge to networking basics, Linux basic commands, Penetration Testing standards and hands-on experience in using tools such as Metasploit, Nmap, and so on.

The readers should have at least Linux installed for Red Team Engagement. Kali is recommended as it comes with pre-configured tools.

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781788995238_ColorImages.pdf.

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Let's try to use the backdoor_lnk module by typing info."

Any command-line input or output is written as follows:

git clone https://github.com/g0tmi1k/mpc

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click the Add an app button to add an application."

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at customercare@packtpub.com.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.