Red Team Expert
A comprehensive training program covering infrastructure and information system penetration testing.
248 Hours
Red Team
248 Hours
Red Team


Of all the roles involved in corporate cyber defense, red teams and penetration testers are arguably the most important. These teams are proactive rather than reactive; they preempt attacks rather than merely responding to them. Red teams and penetration testers challenge the security suite; push it to its limit; and pinpoint information, identification, counterterrorism, enforcement, containment, and repair any holes. Without their help, organizations are essentially sitting ducks, just waiting for the next disaster to happen. The technical knowledge required to successfully attack information systems is extensive and profound. To “break” something, you must first understand how it works. The deeper an attacker’s understanding of information systems, the more covert their activity and the greater their capacity to hurt organizations.  
To successfully complete this Red Team Expert program, students must demonstrate deep technical understanding and spend significant time trialing and experimenting with new approaches. They must tackle complex challenges and realistic simulated scenarios with no obvious solution or resolution method. Those who persevere when the challenge seems insurmountable have the best chance of graduating from this course.

The course covers the following topics:


It’s important to improve the accordion’s behaviour

  • The attack lifecycle
  • OSINT and passive information gathering
  • DNS enumeration
  • Whois and other public resources
  • Active scanning and host discovery
  • Port scanning and service/OS fingerprinting
  • Application vulnerability scanning (SMB, SNMP, LDAP, HTTP)
C2 Connections
  • Reverse shell connections
  • Bind shell connections
  • Encrypting control connections
  • Session management with Metasploit
  • Evading detection
Web Application Hacking
  • Penetration testing and web applications
  • Meet the Web stack
  • Profiling Web servers
  • Data store injections (SQLi, NoSQL)
  • Client-side injections (XSS, CSRF)
  • Detecting OS command injections
  • File inclusion vulnerabilities (LFI/RFI)
  • HTTP parameter pollution
  • Insecure Direct Object References
  • XML external entity injection (XXE)
  • Attacking deserializers
  • Server-side request forgery (SSRF)
  • Flaws in cryptographic implementations
  • Web app testing methodology
MS Domain and Active Directory Attacks
  • Dive into PowerShell and WMI
  • Active Directory enumeration
  • Uncovering hidden and hard-to-find attack paths
  • Abusing MS services
  • Domain privilege escalation
  • Domain persistence and backdooring
  • Cross-forest persistence and trust attacks
Reverse Engineering and Binary Exploitation
  • Introduction to ASM x86
  • The PE format and WinAPI
  • Working with debuggers
  • Practical Assembly
  • Introduction to IDA
  • Reversing unknown binary with IDA
Final Enterprise Hacking Challenge
  • Multi-machine, multi-segment domain challenge
  • Server exploitation vectors
  • Client exploitation vectors
  • Post-exploitation and Lateral Movement
  • Security evasion
  • Data exfiltration
Don't touch this tab

SOTERIA Global is a global leader in cyber-security training solutions and services.

The cyber world is now a part of our everyday life. New technology emerges daily, and as opportunities increase, so do cyber risks. Threats constantly evolve, and we must protect our valuable assets.

A successful cyber defense has many factors, but they all have one thing in common: dedicated, skilled individuals.

SOTERIA Global experts develop our solutions and rely on the best technological assets in the market. Our impressive global presence expands over four continents, giving us access to the best cybersecurity professionals.

Our solutions range from customized training programs to developing cyber-oriented facilities, ensuring that individuals and organizations are ready to face real-world threats. Over the years, we have worked with various organizations across many sectors, giving us the skillset to shape and adapt our solutions to meet our client’s needs.

    • Infrastructure and/or application penetration testers,
    • Red teams
    • Vulnerability researchers
    • Graduates of the Cyber Essentials program
    • Advanced knowledge of Windows operating systems and domain services
    • Advanced knowledge of Linux/Unix operating systems
    • Advanced knowledge of TCP/IP protocols
    • Basic programming skills
    • Familiarity with Internet technologies e.g. HTTP, HTML, CSS, JavaScript, SQL, PHP, node.js
    • Familiarity with Windows and/or Linux internals is advantageous
    • Experience programming with C and/or x86 ASM is advantageous
    • Collecting intel on the network using relevant sources
    • Web application penetration testing
    • Infrastructure penetration testing
    • Using reverse engineering and binary exploitation