Red Team Capstone Challenge

Welcome

Welcome to the Red Team Learning Path Capstone Challenge! If you are reading this, we hope you are ready to apply and test the knowledge that you have gained from the learning pathway.

This is an in-depth network challenge simulating a Red Teaming engagement. The challenge includes several phases structured around the cyber kill chain that will require you to enumerate a perimeter, breach the organisation, perform lateral movement, and finally perform goal execution to show impact. To best simulate how these engagements usually occur, there is no single right answer. Instead, there are multiple paths that can be used to achieve the final goal.

Tested Learning Objectives

• OSINT (Simulated)
• Enumeration & Fuzzing
• Phishing
• AV Evasion
• Lateral Movement
• AD Exploitation
• Linux and Windows Security Testing
• Privilege Escalation
• Post-Compromise Exploitation
  

A Word from the Challenge Author

This room is rated as hard, but because it is a mountain that lies ahead of you, it could have been rated as insane. However, when you break it down into the various stages of compromise that you have to achieve, no single one of these stages is actually hard; they just require attention to detail and sound application of the knowledge you should have learned by doing the Red Team Learning Pathway. Normal red team engagements last weeks and even sometimes months. Take this into consideration as you tackle the challenge.

This network was created to simulate what you would typically find on a real client engagement during a red team. None of the attack paths in this challenge were created as a fictional CTF. Instead, you will find misconfigurations and vulnerabilities that I have personally seen during engagements. However, you will also face the real challenges that I had to face with certain tools or techniques simply not working out of the box or having to use ingenuity to get something to behave in the way that you want it to. Similarly, on real engagements, the answer was never to pick up the phone and tell the client that "I can't compromise this host because the tool I'm using says XYZ error". That simply would not cut it. The answer was to start a debug process to try and understand what was different and to leverage this knowledge to adapt to be able to still perform the attack.

Some advice from me as you scale this mountain - firstly, make sure to properly read through the information provided. This information is to help you avoid attempting this as a CTF, which can cause frustration. Secondly, this challenge has multiple compromises per stage. If you get stuck on trying to get a specific attack to work, my suggestion would be to perform additional enumeration to try and discover other attack paths as well. Find your very own golden path to complete the challenge once, then go back and try to conquer other attack paths as well.

Most Important to Remember to Conquer this Capstone Challenge

• This is a practice exercise for Red Teaming, not a Capture the Flag game. Your CTF skills alone will not be sufficient to complete the challenge.
• The exercise tests the skills you learned in the Red Teaming Learning Path. We recommend completing at least 80% of this path before attempting the challenge. If you get stuck, go back to the path, as it covers the techniques you need.
• There are different ways to complete this exercise. If you have trouble with a specific attack, try different approaches and avenues.
• Carefully read Task 2 "Project Brief", as it contains crucial information you will need to complete the challenge.

Note that the "X days of access" message next to the room title refers to the time you have left in your particular network instance. We need to clear those out periodically to ensure a good user experience but rest assured, you'll be able to return to the room for as long as it's open to subscribers!