Overview
Red teaming is the practice of simulating attacks against systems to find vulnerabilities before real attackers do. For software engineers, understanding offensive techniques makes you a more security-aware developer — you recognize vulnerable patterns in your own code.
Ethical Use: All techniques are for authorized testing, CTF competitions, and lab environments only. Never apply them without explicit written authorization.
What You Will Learn
- Passive OSINT, active scanning, service enumeration
- Web application exploitation: SQLi, XSS, command injection, file upload
- Shell access, privilege escalation (Linux and Windows)
- Active Directory attacks: Kerberoasting, pass-the-hash, DCSync
- Lateral movement, persistence, data exfiltration
- Adversary simulation and red team reporting
Learning Path
| Level | Focus |
|---|---|
| Beginner | Recon, scanning, web enumeration |
| Intermediate | Exploitation, privesc, lateral movement |
| Advanced | AV evasion, C2, AD attacks, full-chain scenarios |
Start at By Example — Beginner or read the full by-example overview to see all 85 examples.
Last updated May 20, 2026