Offensive Security Track

Begin your offensive security journey by mastering the art of information gathering. Learn to conduct both active and passive reconnaissance using modern OSINT frameworks and automation tools. Develop skills in attack surface mapping, social engineering reconnaissance, and cloud infrastructure enumeration across AWS, Azure, and GCP platforms. Build comprehensive reconnaissance playbooks and automated OSINT pipelines that form the foundation of every successful engagement.

Master the techniques required to gain initial access to target environments. Explore modern phishing methods including HTML smuggling and browser-in-the-browser attacks. Dive into exploit development fundamentals with buffer overflow techniques, and advance your web application exploitation skills beyond the OWASP Top 10 with race conditions and prototype pollution. Learn to identify Active Directory misconfigurations and execute password spraying campaigns at scale. Complete full attack chains from reconnaissance to initial foothold.

Learn to maintain access and operate covertly within compromised environments. Deploy and customize modern C2 frameworks including Mythic, Sliver, and Havoc while understanding critical OPSEC considerations for defensive evasion. Master Windows persistence mechanisms through Scheduled Tasks, WMI, and Registry modifications, alongside Linux persistence and living-off-the-land techniques. Develop privilege escalation skills for both Windows and Linux systems. Deploy custom C2 profiles and establish persistent access that survives system reboots and security scans.

Achieve complete domain compromise through advanced Active Directory attack techniques. Utilize Bloodhound for attack path identification and execute sophisticated Kerberos attacks including Kerberoasting, AS-REP roasting, and delegation abuse. Master NTLM relay attacks and coercion techniques, along with credential theft methods like Pass-the-Hash, Pass-the-Ticket, and Overpass-the-Hash. Learn Golden and Silver Ticket attacks, certificate abuse, and modern Azure AD/Entra ID attack vectors. Practice full AD compromise scenarios and multi-forest pivoting in realistic lab environments.

Master the final stages of offensive operations by learning covert data exfiltration techniques that evade detection. Explore cloud storage abuse across S3, Azure Blob, and Google Drive platforms. Implement steganography and encoding methods for evasion, and understand proper cleanup and anti-forensics procedures. Develop professional report writing skills essential for offensive engagements. Simulate advanced persistent threat (APT) objectives and deliver comprehensive, actionable reports that communicate technical findings to both technical and executive audiences.

Culminate your training with comprehensive red team operations that simulate real-world adversaries. Learn red team planning methodologies and threat emulation using the MITRE ATT&CK framework. Conduct physical security assessments and participate in purple team exercises that foster collaboration between offensive and defensive teams. Execute a multi-week full engagement simulation that tests all skills acquired throughout the program. Complete a capstone project featuring a complete red team engagement with professional reporting, presenting your findings to industry professionals and university partners.