Browse CTFs New CTF Sign in
Back to Learning Paths
Red Team Operator / Corporate Pentest Capstone
Advanced Wave 2 Draft

Red Team Operator / Corporate Pentest Capstone

25.0h estimated 3 Courses

Advanced certification for red team operators. Covers corporate pentest chain, pivot, post-exploitation, and reporting.

Sign in to enroll

Corporate Pentest Chain and Pivoting

25 cards

Vigenère Cipher Cryptanalysis: Kasiski Examination and Index of Coincidence Attack

cloud_container_security Difficulty 1–5 30 min

Cracking Columnar Transposition Ciphers: Key-Length Detection and Column Reordering

cloud_container_security Difficulty 1–5 30 min

AES-ECB Block Alignment Attack: Exploiting Deterministic Encryption for Oracle Leakage

cloud_container_security Difficulty 1–5 30 min

CBC Padding Oracle Attack: Byte-by-Byte Plaintext Recovery via PKCS#7 Error Responses

cloud_container_security Difficulty 1–5 30 min

AES-CTR Nonce Reuse Attack: XOR-Based Keystream Recovery and Plaintext Decryption

cloud_container_security Difficulty 1–5 30 min

Exploiting Symmetric Key Reuse Across Users: Cross-Account Ciphertext Oracle Attacks

cloud_container_security Difficulty 1–5 30 min

Extracting Hardcoded Symmetric Keys from Binaries via Static Reverse Engineering

cloud_container_security Difficulty 1–5 30 min

Attacking Weak Key Derivation Functions: Dictionary Attacks on Under-Iterated Password Hashing

cloud_container_security Difficulty 1–5 30 min

XOR Keystream Reuse Attack: Many-Time Pad Cryptanalysis and Statistical Key Recovery

cloud_container_security Difficulty 1–5 30 min

Cracking RSA Small Public Exponents: Cube-Root Recovery and Low-Exponent Bias

cloud_container_security Difficulty 1–5 30 min

RSA Broadcast Attack: CRT-Based Plaintext Recovery Across Multiple Recipients

cloud_container_security Difficulty 1–5 30 min

Factoring Weak RSA Primes via Fermat Factorisation and Pollard p-1 Method

cloud_container_security Difficulty 1–5 30 min

WAV spectrogram stego

cloud_container_security Difficulty 1–5 30 min

WAV echo stego

cloud_container_security Difficulty 1–5 30 min

LSB RGB stego

cloud_container_security Difficulty 1–5 30 min

Bit plane image stego

cloud_container_security Difficulty 1–5 30 min

Alpha channel LSB stego

cloud_container_security Difficulty 1–5 30 min

XOR two-image stego

cloud_container_security Difficulty 1–5 30 min

DCT block image stego

cloud_container_security Difficulty 1–5 30 min

Recovering Wide Strings (UTF-16LE) from Memory: C2 URL and Credential Extraction via Volatility

cloud_container_security Difficulty 1–5 30 min

Detecting XOR-Encoded Payloads in Memory Dumps: Entropy Analysis and Brute-Force Key Recovery

cloud_container_security Difficulty 1–5 30 min

Underground Forum-to-Pastebin OSINT Pivot: Alias Correlation and Leaked Document Discovery

osint_soc_enrichment Difficulty 1–5 30 min

Email-to-S3 OSINT Pivot: SMTP Reconnaissance Chaining to Cloud Storage Data Exposure

osint_soc_enrichment Difficulty 1–5 30 min

WHOIS-to-Employee OSINT Chain: Domain Registration Pivoting to Internal Staff Identification

osint_soc_enrichment Difficulty 1–5 30 min

Social-to-Chat OSINT Pivot: Instagram-to-Messaging Platform Identity Correlation

osint_soc_enrichment Difficulty 1–5 30 min

Controlled Post-Exploitation and Impact Assessment

15 cards

Advanced GOT Overwrite: 64-Bit Multi-Byte %hn/%hhn Writes with Null-Byte Bypass

binary_exploitation Difficulty 1–5 30 min

Format String Arbitrary Write: Exploiting %n for GOT Overwrite and Code Redirection

binary_exploitation Difficulty 1–5 30 min

Integer Truncation Exploitation: 64-to-32-Bit Narrowing, Size Check Bypass and Memory Corruption

binary_exploitation Difficulty 1–5 30 min

Signed/Unsigned Confusion Exploitation: Negative Index Underflow and Memory Corruption via Sign Mismatch

binary_exploitation Difficulty 1–5 30 min

Advanced seccomp Bypass: 32-Bit int 0x80 Syscall Table Exploitation Outside 64-Bit Filter Coverage

binary_exploitation Difficulty 1–5 30 min

Docker Volume Misconfiguration: Sensitive Host Path Exposure and Container-to-Host Escalation

binary_exploitation Difficulty 1–5 30 min

Privileged Container Escape: Linux Capability Abuse and Host Device Access for Breakout

binary_exploitation Difficulty 1–5 30 min

Kubernetes Dashboard Unauthenticated Access: Pod Creation, Secret Enumeration and Admin Escalation

binary_exploitation Difficulty 1–5 30 min

Kubernetes RBAC Privilege Escalation: ClusterRoleBinding Abuse and Service Account Token Misuse

binary_exploitation Difficulty 1–5 30 min

Kubernetes Secret Enumeration in Cluster: Namespace Traversal and Sensitive Data Extraction

binary_exploitation Difficulty 1–5 30 min

Kubernetes Service Account Abuse: Token-Based API Access and Lateral Movement Within Cluster

binary_exploitation Difficulty 1–5 30 min

IAM policy misconfig

binary_exploitation Difficulty 1–5 30 min

Analyzing Kerberoasting PCAP Captures via TGS-REQ Identification and Hashcat Ticket Extraction

binary_exploitation Difficulty 1–5 30 min

Decrypting TLS Traffic via SSLKEYLOGFILE Integration and Encrypted Session Reconstruction

binary_exploitation Difficulty 1–5 30 min

Analyzing gRPC PCAP Captures via HTTP/2 Stream Identification and Protobuf Parameter Extraction

binary_exploitation Difficulty 1–5 30 min

Report, Detection Replay and Debrief [Non-CTF]

0 cards

No cards in this course yet.

🏅

CTFFactory Red Team Operator — Advanced

Advanced credential — awarded upon completion