Red Teaming#




When discussing “red team techniques”, we are referring to the various ways in which a security team can simulate a real-world attack on their systems in order to test their defenses. This can include everything from social engineering attacks (e.g. phishing) to more technical attacks (e.g. privilege escalation). One of the most important aspects of red teaming is that it allows organizations to see their systems from the perspective of an attacker.


There are various tools that are used by red teams in order to assess and improve the security of an organization. Some of these tools include penetration testing, social engineering, and threat modeling. Red team tools can be used to identify vulnerabilities in an organization’s systems and to help create a plan to mitigate these vulnerabilities.

Poor Man’s Reverse Shells#

A reverse shell is a type of shell in which the primary purpose is to enable remote access to a machine, typically for the purpose of executing commands on the machine. Unlike a standard shell, which is typically accessed by logging into the machine, a reverse shell is accessed by connecting to the machine from another machine.

Password Dumping#

There are two main methods for obtaining passwords: password dumping and password cracking. Password dumping is the process of extracting passwords from a system that has already been compromised. This can be done manually, by an attacker who has physical access to the system, or remotely, by exploiting a vulnerability in the system. Once the passwords have been obtained, they can be cracked, which is the process of guessing the passwords using a computer program.


The image below proposes a workflow you can use to learn Red Teaming:

Red Teaming procedure and workflow