Just some reviews of Red Team Training courses (and some penetration testing courses too) that I have taken.
If you know of any Red Team training, or training that is close enough to be of benefit to Red Team operations, please drop me a line at redteamtrainingreviews @ redteamtrainingreviews.com and I will add it to this site. Not sure when I will get around to taking it, much less writing a review (both money and time are very tight at the moment), but at least I can have a placeholder for the future!
In case you are wondering, I decided to keep a page with a rough outline of which courses I signed up for and started taking, and the list can be found here.
I have a background in both server and network administration, some red team experience and some intrusion detection experience (with a smidgen of accidental DBA experience mixed in.)
Please don't think any of this came easily to me. It has taken years and years of hard work, constant learning and so many failures that it is barely believable. But one success can fill the void that a thousand failures have made. And I love to learn, so Penetration Testing / Red Team work is the perfect field. Let your failures teach you and always push forward.
Individual Courses listed under each providers page.
The top bar will now list training I have taken and reviewed, or training I have purchased and am getting ready to take and review. The list on the left hand side of the screen, below the About Me section, will list all training I can find related to Red Team & Penetration Testing. I have also created a LINKS page that I am in the process of updating.
Red Team Field Manual v2 (RTFM) https://www.thertfm.com/ has been released. Yes, I do personally know Ben and Nick (k>fivefour RTAC/RTJC...see my reviews for more info), and I do recommend you check this out. 'RTFMv2 is packed with updates and is now available in softcover, hardcover (coming Aug 2022), Kindle, and a new note taking edition as well.'
I finished APTLabs and my review for it, and Zero-Point Security's Red Team Ops course and most of my review of it. I also started Zero-Point Security's Offensive Driver Development class, and I need to start Sektor7's Windows Evasion class that I bought a while back.
I was slowly working my way through Zero-Point Security's Red Team OPs course when some friends mentioned starting APTLabs. I very quickly finished up RTO's course worked and jumped head first in to APTLabs.
I am 75% done with APTLabs and hope to finish the other 25% fairly soon. Then I will try and write-up my reviews of both and post them.
Wow. Over a month later and I am just now half way through Zero-Point Security's Red Team OPs course. So far it has been good, but I haven't had as much time to dedicate to it as I wanted. Maybe by next weekend I will have gone through the majority of the content and I can have a review up shortly afterwards.
I have been spending a lot of my time on HackTheBox and enjoying it while finishing up the Endgames (which were very fun).
I signed up for Zero-Point Security's Red Team OPs class. Review will soon follow, but I want a little time to dive into the labs first.
I forgot to upload my update on 21 February 2022, but I left it in for this update. TL/DR: I made Guru! I was so exhausted after reaching that point, plus, I was so busy with life, that I forgot to post. I did finish Undetected and Routerspace, and a couple of all of the Fortress except that one flag in Jet that I haven't figured out yet.
Now I am going to work on some retired Endgames to get used to those, and then I will try the two active ones.
I submitted a challenge and rolled over to Guru on HackTheBox...WOW! That was a lot of work.
I have been pushing super hard on Hack The Box lately. A few weeks back I was able to place in the Top 25 on the box Scanned (Insane). Today I was able to place higher in the Top 25 on the box Acute (Hard). I learned some seriously good stuff from both of those boxes.
But I am still about 10% away from my goal to get Guru rank. It has been pretty hard up until this point, and struggling just to maintain rank added to trying to move up has been nothing short of brutal at times.
So I have a LOT more learning to do, and more challenges to complete, to keep pushing through that final 10%. And if/when I make Guru rank, I plan to take a freaking well earned break. In the meantime, I have some really cool things to learn!
Happy New Year everyone. The journey to Guru on Hack The Box has been hard...very hard! I also found a little time the other day to sign up for The Cyber Plumber's Lab at The Cyber Plumbers Handbook. I do feel that having a WIDE variety of tunneling experience is a critical skill to have as a Red Team member.
After I finish the lab, I will write a small review, but since it isn't a full Red Team type course, I *probably* won't dedicate a page to it. That might change, but for now the plan is just a blurb on this page.
New Year and New Goals. I am working to come up with enought spare money to sign up for a course later this month, and then maybe one more before the end of the year.
I thought I was going to get Elite Hacker by starting/finishing Toby, but I am stuck pretty badly on that one. It is one of those times where there must be a gap in my knowledge that is keeping me from progressing, or either I reached a point with it that I was exhausted and not able to think straight. So I found a challenge that didn't seem too bad, and I finished that, but it didn't get me to Elite Hacker status.
At first I thought that I was going to have to figure out root on Hancliffe and was not looking forward to the headaches I would have from that one, but when I was going through the machine list, I realized I had overlooked Overflow. Look at my last update, and you can probably guess that I mentally blocked out Overflow. Overflows and stuff like that are not *YET* my strongest skillset. But, I was listed as a Hard box and not an Insane box, so I pressed the spawn button and waited for the box to spin up. A few minutes later and I started getting excited because it looks like the person that created the box left big hints.
Then I spent four hours waiting on a task to finish and when it did, the results indicated something was wrong. Checked my files and one of my applications spit out a format that it was not supposed to. I still don't know how that happened, but I went back and manually added some stuff, and started the process again. An hour or so later I am realizing I made a mistake. Corrected my mistake and suddenly I am moving forward, and then I have a shell on the box and see my path forward...
It didn't take long to find what I needed (shout out to the creator for not making that harder than it could have been), and boom, I had the user flag. I submitted the flag, and it was accepted. When I checked my stats, I had gone from 100 to 101 place, but I had finally reached Elite Hacker status and was working toward Guru.
This has been a super fast, brutal journey toward Elite and I shudder to think about pushing that hard to try and reach Guru. I still need to finish a few of the Fortress labs, and I have a ton of challenges to go, but there are some of those challenges I have started and just stopped and moved on from. And some challenges I thought I had working locally, but, when trying them out online, nothing seemed to work so maybe I will go back to those later.
All I will say is that I will spend the rest of December in "slow going" mode and push forward, and then I will start the new year with the Sektor7, TCM, OffSec and maybe the Zero-Point Security classes. 2022 is looking to be an amazing year already!!!!
Ugh!!! On second thought, I am going to dedicate 2022++ to learning reverse engineering, exploit development, antivirus evasion, strengthening my web assessments skills, and strengthing my programming skills overall. I signed up for a few classes over the Thanksgiving holidays, and will start those soon.
Trying to reach Elite Hacker status on Hack The Box is a heck of a lot harder than I thought it was going to be. I am always amazed at how different some things are now versus when I first started my journey in offensive security, and how some things seem just as hard as they were or at times even harder. And no matter how much I learn, there is always much much much more to learn!
I have done more code review in the past two weeks than I ever expected to do in my life. I have written more code (Python and Bash) in the past few weeks than I thought I ever would (luckily I can reuse previously coded stuff to speed things up, and there are so many examples on the web of how to do things that it helps a lot.)
I have dedicated a LOT of time to this effort. Many thanks to those who have stepped up to provide some hints, when needed, along the way. Maybe one day I will not have to ask for any hints, and can do it all by myself without even having to look at my notes; but, until then, I will continue pressing forward and learning as much as I can, because, after all, that is what it is really about...the learning.
If I make it to Elite Hacker status (or even if I don't), I am going to take a break and spend a few months on doing nothing but reverse engineering, exploit development and antivirus evasion. I need to strengthen areas that I am not that strong in, so, if you have any recommendations for training other than that already listed on this site, please let me know at redteamtrainingreviews @ redteamtrainingreviews.com
My rank is slowly decreasing, but I still have a very long way to go and I have gotten a LOT of the low hanging fruit so the real grind begins ... but you can watch my badge and maybe one day it will flip to Elite Hacker (if my brain doesn't implode from too much knowledge before then):
A few friends and I signed up for a CTF competition a short while back. None of us had as much time to invest into the competition as we would have liked, but we placed in the top 10 which I don't think was too bad. However, I realized that I had let a few of my skills get rusty and so I decided to go back to Hack The Box and try and few machines. After a couple of boxes to get me back in the groove, I decided to see if I can progress to Elite Hacker. I have spent a LOT of time working my way through a few boxes, and I have had a lot of fun doing it. I have identified a few weakness in my skillset as a result of this journey so far, but I have made a note of it and will work on strenthening those skills in the coming months.
So for now I am concentrating on finding a new, stable job, brushing up some skills, and figuring out my path forward.
I got a chance to alpha test the Yaksas CSC Red Team Adversary Emulation course lab, which means I had to rewatch some of the videos as I worked my way through the exploit path. I am still very impressed.
I did not start back on TCM Security's Windows Privilege Escalation course, instead, I received an email about a course I had never heard of. Yaksas CSC has a Red Team Adversary Emulation course, targeted toward beginners, and it was a great course. It was super easy and fast and I started and finished it this weekend. Check out my review, then check out the course for yourself.
I had planned to sign up for the Red Team Ops course so that I could force myself to use/learn a different C2 platform, but then I saw where the course is moving to Cobalt Strike, and using SnapLabs to host their labs... Well, now I am seriously saving up some money to sign up for this course.
The Cybersecurity & Infrastructure Security Agency (CISA) has released the Cybersecurity Workforce Training Guide. If you are currently (or plan to be in the future) a federal, state, local, tribal, territorial (SLTT) staff and are interested in cybersecurity, check this guide out at: https://www.cisa.gov/publication/cybersecurity-workforce-training-guide.
In other news, I had to stop watching TCM Security's Windows Privilege Escalation course when other events came up, but I hope to pick back up on it this weekend. I enjoyed it up to the part where I had to stop, so the remianing portions should be good as well. Then maybe I can get that reviewed and posted. I also need to write a quick review of Sektor7's Windows Persistence course.
Finished my review of TCM Security's "Movement, Pivoting, & Persistence" course, and posted a little review of it. I have already started the Windows Privilege Escalation course, and I am not going in to this course with any preconceived notions.
Hmmm, so I got a 50% off coupon from TCM Security and went ahead and signed up for TCM Security's "Hacker Bundle". Looks like I have more training to do over the weekend. At least it is a long weekend. So stay tuned, and I will let you know how it goes.
I signed up for TCM Security's "Movement, Pivoting, & Persistence" course. It was a very afordable price ($29.99), and only a few hours worth of training (5 hours), so it should provide something to do over the holiday weekend. Hopefully I will finish and write a review this weekend.
In other news, the flags on my GitHub page have been removed (GitHub also explained to me why it flagged in the first place) and so I can start adding content back to https://github.com/redteamtrainingreviews. I still may create a place on this site to host stuff as well, but for now this will do. But I guess I have to recreate all the subpages and find the code that I had been planning on hosting there.
I passed the PentesterAcadmey PACES certification exam. It was a very challenging, and rewarding, certification exam. All of the PentesterAcademy training that I have taken is top notch, and the price is very affordable (especially when paying out of your own pocket).
I just found out that my GitHub page was flagged and hidden, but I don't know why yet. I moved the 'OpenVPN Menu' script to my misc-notes repo and deleted all the other repos. I probably won't create specific repos, because what I planned to post was going to be generic scripts that made my life easier and just put them under the class I took when I wrote them (and truth be told, I usually take the generic ones and edit for specific things after I write them the first time.) If I ever get more free time, I may just host scripts on this site and not deal with Github at all, OR, I may create and sale a really cool PDF of things I do in these classes that I find other people do not do and makes things much simpler.
You can now e-mail redteamtrainingreviews @ redteamtrainingreviews.com and reach me with questions or comments.
I signed up to retake the PentesterAcademy PACES exam. That weekend is already starting to fill up with other life issues, so I don't know how well things are going to go. In other news, I finished the Sektor7 RED TEAM Operator: Windows Persistence Course and I got the CoC, but for some reason I didn't upload the review like I thought I did and so I will have to go back and find my notes and update that page.
Final note: Taking a non-red team job has been exceptionally hard for me. That being said, I have been planning the order of red team related training courses that I want to take to fill the void created when I quit my last job. I will try and keep my skills current, and I will try and give back to the community that has given so much to me.
It is a very sad day for me. For the second time, I have left a job working with along side a great group of people. The first time I left due to health issues, but this time I left due to money. Hopefully, in the near future, I will be able to afford some of the training classes that I have been wanting to take. And, as I start a new chapter in my life, I am going to try and push myself to branch out more and more and give a little back to the community.
Today I created a GitHub page. Check it out at https://github.com/redteamtrainingreviews I am going to be putting some of the scripts that I have written during these training classes that have made life easier for me. I am also going to work on a blog to highlight some of the TTPs that I have come up with while taking these training classes (specifically things that I did that others I have talked to didn't do and that I think may be helpful).
Having left Millennium Corporation, and the DoD Red Team community, I would like to state, for the record, that my views on the k>fivefour training are unchanged. It was very different from other training that I have taken, and highly relevant for the environment I was in. Maybe one day I will get to revisit the Journeyman course and test. And if you end up taking their training after seeing this website, please don't forget to tell them RedTeamTrainingReviews said "Hi!"
I have decided to attempt the GCB PACES exam again, and then I will possibly take Zero-Point Security's Red Team Ops course. These will most likely be my last red team oriented training/certifications as I will be leaving the red team community soon and will transition in to new and exciting career adventures. I have written some custom tools based off the k>fivefour RTJC class and the Sektor7 classes to prepare for PACES, and I plan to try harder on the GCB exam than I did the first time. (I will also sign up for and take the new Sektor7 class when it releases in May and write a review for that too.)
I just wanted to post to say that I might not be posting full reviews for a while (but I will probably go back and update some past reviews.) I also might sign up and retake the GCB exam (PACES) again, and if I do, I will update the review page. As soon as I get enough money to start taking more training, I will start posting more reviews, but I am not sure when that will be.
Well, the new year is upon us, and I have mostly finished Hack The Box - Dante. I have written the review for it and updated the page. Check it out if you have a minute, and if you are new to penetration testing and red team training, this might be a pretty cool place to start. In other news: Offensive Security released (EXP-301) Windows User Mode Exploit Development (OSED). After attending the "OffSec EXP-301 AMA Webinar", I am torn as to if I should take PEN-300 first or go in to this. I guess it will really depend on if I can get my employer to pay for it. I've have also added some links to new training sites that I have found.
I wish everyone a very happy happy new year. 2021 is only hours away!
I wish everyone a very happy holiday season, and hope everyone stays safe as the year draws to an end. As for my previous commments on INE/eLearnSecurity...I think I made a mistake. So I am guessing that the e-mail from INE that my downloadable content was for some really old CCIE stuff that I had forgotten about...I saw nothing to indicate it was for the eLearnSecurity content. I have broken the links for the eLearnSecurity reviews since there were no reviews and now the classes are found under INE and the certifications are under eLearnSecurity. Also, as well roll in to the new year, I am looking forward to the new classes and the deals that Offensive Security is going to be releasing. 2021 here we come!
I uploaded some CoCs that I hadn't gotten around to uploading yet. Also got an e-mail from INE and here is what it said: "Our records indicate that you purchased an INE course for download. Unfortunately, we will no longer be storing these course downloads on our platform after December 31, 2020. If you would like to save your course to your computer, please log into your account before December 31, 2020 and download it." I keep looking for good news in all these e-mails that I keep getting, but to me it all seems to be bad news and it seems to get worse with each e-mail. Their 'section' of this website is now scheduled to be removed as of December 31, 2020.
Sektor7 sent out an e-mail about Black Friday specials. All prices were reduced by $30 and no coupon was needed. Having just finished the Sektor7 "RED TEAM Operator: Malware Development Intermediate Course" review, I figured it was time to give the RED TEAM Operator: Windows Persistence Course a try. So I purchased the course, and then I got an e-mail about an hour later that the sale would go on all week (until the end of Sunday, December 6, 2020.) If you have been thinking about taking any of these courses, now is a great time to purchase them at a discount. I also missed that they offer a Certificate of Completion upon request. So I have requested CoCs for the courses I have completed and will add graphics to those pages as soon as I get the CoCs.
Happy Thanksgiving everyone! I added information to the Sektor7 "RED TEAM Operator: Malware Development Intermediate Course" review. I really enjoyed the second class as much as the first. I learned a lot during both of the Sektor7 courses, and I am looking to gain more knowledge on that subject. Plus, I hope to purchase the other Sektor7 training courses soon and write reviews on them. I have also updated my thoughts on INE/eLearnSecurity on the eLearnSecurity landing page, and, due to the way I currently feel toward them, I will probably remove that section early next year (unless something changes my mind between now and then). I am also waiting to get a little more information on Silent Break Security's Dark Side OPs before I update that subpage.
I added a little bit more information to the Sektor7 "RED TEAM Operator: Malware Development Essentials Course" review. I really enjoyed the class, and I am starting the Intermediate course.
Happy Halloween! I have made a few updates... I have started creating subpages, with a little information and links to the training provider's page, for the training listed on the lower right hand side of this page. I also had some free time this past week and have gone through the Sektor7 "RED TEAM Operator: Malware Development Essentials Course" and started my review of it. Plus, I also purchased Sektor7's "RED TEAM Operator: Malware Development Intermediate Course" and plan to start the course and review soon. Recently, I have also gotten a LOT more information on Silent Break Security's Dark Side OPs course and, since the class seems to be pretty amazing, I may add some of my thoughts to that subpage (and do a full review if I get to take the class in the future.)
I finished Hack The Box's Cybernetics, and I have updated the review section for it. I am also debating on what training class I plan to take next (but right now I don't have the funds for any training so maybe I will just work on some updates for this site!)
I finished Hack The Box's RastaLabs, and signed up for Hack The Box's Cybernetics. So I have also added a little to the review section for Cybernetics.
I am actually recovering faster than expected and am almost back to normal typing...almost, so there might be typos. I updated the site a little, added a course I forgot about, which was Virtual Hacking Labs, and I am working on the links pages where I hope to provide a huge list of training course for you to choose from. Some major updates to RastaLabs and some minor updates to AWAE. Oh, and check under Offensive Security's subpage for a link to their new Proving Grounds (in case you haven't seen that yet.)
I am about to have a short period of down time (probably no updates for September unless I learn to type with my left hand only) and so I was looking for stuff to do after my AWAE time expires. I was thinking about CTP. I happen to see the Offensive Security news release, very shortly after it was posted, about the retirement of the CTP and the changes to the OSCE. Read more about that here! As I do not feel I will be able to afford the class before it expires, and getting back in to AWAE this month has been very slow going for me and the idea of retaking that test in the next year or so does not sound like a good idea, I am thinking of removing the CTP page from my Offensive Security subpage, and possibly giving up on future Offensive Security training (yeah, that probably won't happen, but still), and trying to find something else to fill my time. (I did find a few new sites that offer "Red Team" training, and I will be updating my page to include them soon.)
My frustration level last night hit a high point while trying to get some time in the Offensive Security - AWAE class. It didn't have anything to do with Offensive Security or their labs... it was my Kali Linux VM that kept freezing over and over again and requiring a reboot and then required me setting everything back up in the lab before it froze again and I had to start over. So, I updated my Kali Linux VM, shut down for the night, and decided to take a break tonight and also take one of my co-worker's advice (which was to update RTJC while it is still fresh in my mind.) I had kept notes during the class, but just never moved them over.
Updates as of 02 August 2020
I added to the Offensive Security - AWAE class to capture some of the feelings I remembered from my first time and some of the differences this go around.
Updates as of 01 August 2020
I added to the eLearnSecurity section while I am waiting on my new AWAE class time to start.
Updates as of 26 July 2020
I already had most of the Attacking Active Directory with Linux Lab review written, and part of the CyberWarFare Lab review written. So I copy/pasted the review into their place holders, and added the formatting and then did a little editing and adding and got both reviews up. Although I need to go through the entire site and review for spelling and grammar, at least the gist of what I am trying to say is there.
Updates as of 24 July 2020
I signed up for the Attacking Active Directory with Linux Lab from PentesterAcademy and have been working on that review. I am almost done with the third path of CyberWarFare Labs and have been working on the review of that as well. I have also added a section for Sektor7 training, and I have the Malware Development Essentials course, but I only watched the first video and got side tracked. PLUS: I am working on a review of the k>fivefour Red Team Journeyman Training course. Please bear with me because I also start 30 days worth of the updated AWAE class from Offensive Security. They added 50% more content, and I wanted to get the upgrade and go through it. Oh, and I also started back on RastaLabs, had a much better experience this go around, so I need to get around to updating that review soon too.
Updates as of 14 March 2020
New stuff added to the RTAC k>fivefour training page (cool new swag.) Updates to the "Hack The Box" Offshore (after the most recent update) and RastaLabs pages. I also finally got around to taking the PentesterAcademy GCB Exam and wrote a little about that (I didn't complete the exam.)
Updates as of 20 January 2020
The new year has started out at a crazy fast pace, and my whole site revamp is stalled so badly I think it might go in reverse soon. I have, however, taken a few minutes to add data to the "Millennium and k>fivefour" site to reflect their new course offering: Red Team Journeyman™ Course. And a little more on the "Hack The Box" Offshore page.
Updates as of 01 January 2020
New Year! New update. The holidays have been busy, but I have gotten to invest a little time in Hack The Box's Offshore labs. I wrote a quick blurb so I can say I updated this site, but I hope to get back in the swing of the site re-working. And if you are wondering, my New Year's Resolution is the same as my everyday resolution: 1) To Learn New Things and 2) To be better tomorrow than I am today.
Updates as of 14 December 2019
OMG! I finally finished GCB and the last few sections were well worth the entire cost of the course alone. I updated the review a little, and am still working on the site revamp, but that is going slower than expected due to getting ready for the holidays and some time sensitive projects I need to complete.
Updates as of 08 December 2019
I am in the process of re-working the entire write-up sections for each review. I want to change the way I have presented information. More facts on the top, and then my ramblings at the bottom for those that want to read them. I think it will also help the reader compare training details so they can decide where to spend their hard earned dollars.
Today, however, I have updated a few pages in preparation of the re-working, and I added more to the GCB review.
As far as a potential RTJC class on the horizon... I saw a post on social media that the new RTJC course test was brutal. Two days! This isn't two days taking the test from the luxury of your home, but two days sitting in a class room with other people who are also taking the test. I'll bet it will be amazing, but brutal, when it is released!!!
Updates as of 15 November 2019
Made a few updates to the GCB Lab review. As of today, I am mostly done with Section 1 - 6, and I am getting to the sections that I really want to do, but, alas, I want to revisit Section 6 again this weekend so maybe over the holidays.
GREAT NEWS: I saw some chatter online this past week that indicates k>fivefour is working on the Red Team Journeyman™ Course (RTJC). Keep your fingers crossed that I eventually get to go, because I am crossing my fingers and toes crossed. And please keep your fingers crossed that I get the same teachers I had for RTAC!
I really want to see how this compares to the Pentester Academy classes.
Updates as of 11 November 2019
New update to the GCB Lab review. A minor update to another page. It has been a while, but I have been putting a lot of time into the lab, and I am not even halfway done.
Updates as of 24 October 2019
I am still having a blast in the GCB Lab. I learned several new techniques reading the PDFs and watching the videos, and now I am getting to use those techniques in the lab.
I haven't done much updating lately, but I have added a few tidbits here and there..
Updates as of 18 October 2019
I uploaded some photos, but I haven't done much writing/editing of the reviews as I have been a little more busy than normal.
I started GCB and have been through the videos. I have learned some really cool stuff, and gotten some time in the labs to put that learning to the test.
Updates as of 09 October 2019
I am still working on the PentesterAcademy reviews, and adding to the RTAC review, plus I took the PentesterAcademy Active Directory Lab exam not too long ago.
I will start PentesterAcademy's GCB Labs very soon, so I hope to write about it as I progress.
Updates as of 03 October 2019
I've made some progress on the Millennium Corporation and k>fivefour RTAC course, but I still want to add more to it.
I've also started on the PentesterAcademy reviews.
Updates as of 29 September 2019
Millennium Corporation and k>fivefour - Red Team Apprentice™ Course (RTAC)
I am currently working on my review of the RTAC class. I hope to have this complete soon and will then move to some of the PentesterAcademy courses.
Reviews of Red Team Training courses (and some penetration testing courses too) that I have taken. Copyright © 2022
Contact: redteamtrainingreviews @ redteamtrainingreviews.com