About RTG
Last updated
Last updated
Are you looking to master the art of red teaming and offensive security? Look no further than RTG– the ultimate guide to mastering red team tactics.
Our comprehensive collection of notes and insights provides a treasure trove of knowledge and insights gained through real-world pen-testing and red teaming experiments in a controlled environment. Our notes detail a plethora of offensive security methods, ranging from attacking low-hanging fruits, exploiting critical vulnerabilities, bypassing defenses, lateral movement and privilege escalation, and maintaining persistent access, to name a few...
As the author of RTG Notes, I draw on real-world outcomes to inform our tactics. By testing various techniques in a REAL WORLD RED TEAMING ASSESSMENT (RTA), we have gained a deep understanding of the methods that work best in the field. Our notes provide practical insights and tips based on our experiences, giving you a unique perspective on offensive security.
But RTG is more than just a resource for information – it's a learning platform. We encourage our readers to follow our lead and approach learning by doing. Our note-taking style shares our journey, mistakes, and successes along the way to provide valuable insight into how to approach and execute successful attacks.
We take pride in providing accurate and up-to-date references for the techniques we use, so you can be sure you're learning from the best. But we also welcome feedback from our readers on how to improve our methods, because we believe that sharing knowledge and collaborating within the community is key to advancing our skills.
The aim of this project is clear — leveraging my practical experience in Offensive Red Teaming, I will explore the contributions of other security researchers, implement both established and innovative attack methodologies in a controlled lab setting, and pursue my investigative research to accomplish the following:
• Initial Compromise Techniques: Understand the methods to establish a foothold within networks.
• Reverse Shell Concepts: Learn the creation and execution to maintain control over compromised systems.
• Writing Custom Reverse Shells and FUDs in C#: Learn to write your own reverse shells and other undetectable Fully Undetectable (FUD) tools using C#, which provides a rich set of features suitable for network-based applications.
• Privilege Escalation Techniques: Explore methods for both Windows and Linux to enhance access.
• Lateral Movement Strategies: Apply tactics to navigate through network environments effectively.
• Evasion Techniques: Investigate methods to avoid detection.
• Pivoting, Tunnelling, and Port Forwarding: Delve into advanced network manipulation techniques.
• Active Directory Attacks: Examine vulnerabilities within network services and architecture.
• Command and Control (C2) Frameworks: Develop and maintain robust systems for managing network breaches.
• MITRE ATT&CK Framework: Familiarize with this to enhance tactical cybersecurity understanding.
• Professional Tools: Experiment with tools used in penetration testing, coding, debugging, reverse engineering, and malware analysis to improve proficiency.
• Active Reconnaissance and Open-Source Intelligence (OSINT): Begin with gathering information through network scanning and public data.
• Social Engineering and Phishing: Manipulate human behavior to obtain sensitive information.
• Exploitation Techniques: Dive into Web App penetration techniques mostly used in getting the initial foothold: e.g. SQL Injection, LFI, RFI, File Upload, RCE, and so on…
• Network Scanning and Enumeration: Use tools like Nmap to identify network vulnerabilities.
• Post-Exploitation Techniques: Actions performed after gaining access, like data exfiltration and maintaining persistence.
• Mitigation and Remediation: Secure networks and systems against identified threats.
In short, RTG is not just a resource – it's a community.
Join us on our journey to master red team tactics and take your offensive security skills to the next level.
Caution:
Please be wary of assuming that all the information presented in these notes is infallible. The notes may not offer a complete or exhaustive explanation of the techniques or artifacts described, and there may be errors or inaccuracies present. Therefore, it is advisable to consult additional resources for verification.
Don't let yourself be lured into a false sense of security - always exercise caution and seek out multiple sources of information to gain a more nuanced understanding of the subject matter.
