Cyber Warfare


Table of Contents


This training is an advanced course that covers topics in the Red-Team Cyber Warfare methodologies. The participants will get an in-depth look into the mind of a Black-Hat hacker.

The training includes defense and offense and takes a deep dive into its practical world using the CYBERIUM ARENA simulator. Participants will learn the different information-gathering tools and security bypassing products that can be leveraged to attack against every layer of defense.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc…

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium Arena.

Target audience

IT Professionals and Organizations that would like to embrace Red-Team’s capabilities


  • Acquiring the knowledge and tools to become a better Red-Team member
  • Becoming familiar with a variety of available tools for performing security-related tasks
  • Becoming familiar with a variety of attack scenarios
  • Understanding different attack possibilities
  • Using automation as a Red-Team member


  • ThinkCyber Level-2 Courses



In this module, participants will learn to act as Red-Team while attempting to gain information about the target using brute-force, to craft discovery tools, and to fingerprint websites. Furthermore, participants will learn to use social engineering skills to trick the target into revealing information and their location.

Technical content

  • Advanced Web-Discovery
    o DNS Bruting
    ▪ Amass
    ▪ Sublist3r
    ▪ aiodnsbrute
    o Passive Discovery
    ▪ awesome-osint
    ▪ ShodanHat
    ▪ LinkedInt
    o Crafting Discovery Tools in Bash
    o Using recursebuster
    o Cloud AWS S3 Buckets using inSp3ctor
    o Fingerprinting Web Applications
    ▪ BlindElephant
    ▪ Red-Team Banner Grabbing
    ▪ Firewall Detection using wafw00f
  • Gaining Information about the Target
    o Advanced Social Engineering Techniques
    o The Browser Exploitation Framework (BeEF)
    o Tracking user Locations using Google API
    o Enumerating Services
    ▪ Extracting Users from SAMBA
    ▪ NetBIOS
    ▪ RPCClent
    o Vulnerability Detection and CVE identifying
    o Shodan CLI
    o Maltego Teeth


This module is all about gaining access at any cost. Participants will learn to build a password list for brute-force wordlist attacks, perform advanced fuzzing, and finally automate the attacks. Also, participants will practice advanced Red-Team attacks over the network using various specialized tools.

Technical content

  • Gaining Access
    o Creating Password Lists
    ▪ Wordhound
    ▪ Brutescrape
    ▪ Gitrob
    ▪ CUPP
    ▪ Crunch
    o Online Brute-Force to Gain Access
    ▪ SSH Bruting using Hydra
    ▪ Burpsuite Intruder
    ▪ RDP Cracking using Crowbar
    o Fuzzing
    ▪ Application Fuzzing
    ▪ Protocol Fuzzing
    ▪ File Format Fuzzing
    ▪ Fuzzers Advantages and Limitations
    o Crafting Malware from Source using The-ZOO
    o Automating the Attack
    ▪ Advanced Features of Metasploit
    ▪ Crafting Scapy Tools
    ▪ Forging RC Scripts
    ▪ Automating Empire’s API using DeathStar
  • Network Attacks
    o Exposed Printers Abuse
    o Advanced MiTM Techniques for Red-Teams
    ▪ Using the DHCP Protocol to Gain MiTM Status
    ▪ DNS Proxy Crafting using DNSChef and MiTMProxy
    o Catching LLMNR and NBT-NS Credentials using Responder
    o DHCP Starvation Usages and Advantages
    o Flooding SIP and SDP Invite Protocol using inviteflood
    o Advanced DDoS using UFONET-Framework
    o Paralyzing Windows Hosts using Default Services


During this module, participants will learn a variety of methods to gain higher access to the exposed target, such as offline brute-forcing, disabling the SSL function, spying over VoIP and WSL, and more.

Technical content

  • Escalating Privileges
    o Using Meterpreter for Privilege Escalation
    o Gaining Passwords Using Offline Brute-Force
    ▪ John The Ripper
    ▪ Cain and Abel
    ▪ L0phtCrack
    ▪ DaveGrohl
    o Privilege Escalation using Vulnerable Services
    o Uncovering Hidden Credentials on Windows Server using BloodHound
    o Seemless SSL-Striping
    o Intercepting and Abusing WSL Service
    o Spying on IP-Phones using VoIP-Hopper and ohrwurm
    o Red-Team NSE User Enumeration
    o Windows and Linux Exploit-Suggesters
  • Maintaining Persistence
    o Crafting Backdoors
    ▪ Msfvenom
    ▪ Nishang
    o Firewall, IDS and Honeypot Evasion Techniques
    ▪ Recompiling the Backdoors
    ▪ Forging Tunnels using the HTTPTunnel Tool
    ▪ Using SSH to Hide Backdoor Traffic
    ▪ Using Automater to Identify Honeypots
    o Linux Rootkits for Red Teams
    ▪ Linux Boot Process
    ▪ Browsing the Kernel Code
    ▪ Accessing User Space Process Memory
    ▪ Understanding the Kernel Network Stack


This module will demonstrate to the new Red-Team the usage of advanced techniques to map the exposed network from the inside, and finally, gain control of the main components of the network.

Technical content

  • Mapping the Exposed Network
    o Advanced Nmap Reports
    o Abusing SQL Server Trust
    o Trusted Features of PowerShell
    o Finding Exposed Targets using CrackMapExec
    o Querying Active Directory
    ▪ Advanced ACL/ACE Bloodhound
    ▪ DNS Beacon
    ▪ Empire – Info Module
  • Taking Over the Network
    o Pass-the-Hash
    o Harvesting Kerberos Tickets
    o Abusing the DCOM application
    o Empire – PSInject
    o Building a Keylogger
    o THP Red-Team Droppers
    o Domain-Control Dump
    o Advanced Linux Pivoting using mimipenguin


The following labs are part of the actual RT420 course:
  • Lab 1 Advanced Web-Discovery
  • Lab 2 Network Attacks
  • Lab 3 Gaining Access
  • Lab 4 Privilege Escalation
  • Lab 5 Maintaining Persistence
  • Lab 6 Pivoting and Tunneling
  • Lab 7 Controlling the Network
  • Lab 8 Command and Control
  • Lab 9 Red-Team PowerShell
  • Lab 10 Working with VPNs
  • Lab 11 Securing Linux
  • Lab 12 Securing Windows

Real cases studies


 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situe classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participants.

 Course Group: FOUNDATION


 Hands-on / Theory MiX

The following course is incorporates a high level of hands-on labs exercises, as well as real life study cases:
1 %
Case Studies


This course prepares the participant to the following certification:

  • OSCP (Offensive Security)

Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details