OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.
Course image
Udemy logo

Offensive Security Engineering

4.5 Filled star Filled star Filled star Filled star Half star
Based on 761 ratings
see reviews
Casey Erdmann

The Offensive Security Engineering course focuses on the hands on skills it takes to run the infrastructure operations behind a "Red Team". This course will cover C2 frameworks such as Empire, Merlin, and even the Metasploit framework's C2 capabilities. In addition this course will cover multiple scenarios that will require students to configure custom drop boxes, reverse VPN tunnels, phishing campaigns, and more.

Read more

The Offensive Security Engineering course focuses on the hands on skills it takes to run the infrastructure operations behind a "Red Team". This course will cover C2 frameworks such as Empire, Merlin, and even the Metasploit framework's C2 capabilities. In addition this course will cover multiple scenarios that will require students to configure custom drop boxes, reverse VPN tunnels, phishing campaigns, and more.

This course is great for those who are already in IT or Security and are looking to expand their horizons to learn how the back end of an offensive security operation works. Whether you're a software developer, system administrator, or a newfound penetration tester, this course is for you.

Enroll now

What's inside

Learning objectives

  • Hacking
  • Command and control
  • Red team operations
  • Devops
  • System administration
  • Offensive security
  • Phishing
  • Golang
  • Terraform
  • Saltstack
  • Custom implant development
  • Vagrant
  • Serverless framework

Syllabus

Introduction

Course introduction. In this lecture the instructor introduces himself and goes over the course outline.

This lecture is a simple primer to help you configure and cover the fundamentals of Terraform.

Read more

This lecture is a simple primer to help you configure and cover the fundamentals of the Serverless Framework.

This lecture is a simple primer to help you configure AWS credentials and keys if you choose to follow along with the course material directly.

In this lecture we break down specific OSI model components and review a full stack app's network architecture. We also build out a mini "enterprise tier" network topology.

Simple quiz to see if you've got the fundamentals re-established.

In this lecture we go over the concepts of client/server communications, and bridge those concepts to the fundamentals of C2 communications.

This quiz will test if you are properly grasping the fundamental concepts of C2.

This lecture covers the concept of reverse VPN tunneling and walks through a hands on implementation for configuring this concept.

This lecture walks through the fundamental concepts of system administration in the context of DevOps. We explore tools like Terraform and Saltstack and explain the ideas of Infrastructure as Code and Desired State.

This quiz covers the concepts of infrastructure as code, desired state, and configuration management.

This lecture is a brief overview of what "Red Teaming" is and the purpose and value it provides.

This is a simple 3 question quiz to make sure we are setting some fundamental truths right about offensive security testing. Only one of them was covered in the lecture you will need to research on your own to discover the answers to the rest!

This lecture ties together the Red Team and Infrastructure Operations concepts together.

This is just a quick transitional lecture to overview the Scenarios that will be demonstrated throughout the course.

This lecture is a hands on walk through of setting up a simple C2 server with Terraform and Metasploit to conduct a classic exploitation scenario.

This lecture is a hands on walk through of performing some simple post-exploitation activities with Metasploit as our C2.

This lecture is a hands on walk through for configuring an OpenVPN based drop box scenario. Our drop box will make use of reverse VPN tunneling to give us remote access to an internal target network allowing use to compromise the systems within.

This lecture we continue into the post-exploitation phase of the drop box scenario. This is a hands on walk through involving the configuration and use of the Empire C2 framework.

This lecture covers the PwnDrop tool for hosting C2 implants as a lead into the next lecture where we will use it to serve Merlin C2 framework agents.

Using the PwnDrop tool to host a Merlin C2 agent to establish a post-exploitation presence on a compromised Windows host.

This lecture is a walk through on developing a custom C2 server and implant using python and golang.

This lecture goes over the primary scenario in this section and walks through configuring and using the Gophish platform for conducting a convincing phishing campaign.

This lecture walks through the entire scenario end to end including configuring a custom golang based Lambda redirector for our custom C2 implant.

This is a short lecture on how to configure Teamserver for multi-user C2 and Red Teaming for Cobalt Strike/Armitage.

This is a short lecture on how to configure Sliver for multi-user C2 and Red Teaming.

This lecture simply concludes the course with a few minor advisement notes and a thank you.

This test is a "final exam" of sorts to help see if you were able to retain key material from the course. It is comprehensive.

Traffic lights

Read about what's good
what should give you pause
and possible dealbreakers
Covers C2 frameworks like Empire, Merlin, and Metasploit, which are actively used in offensive security operations and penetration testing
Explores Terraform and Saltstack, which are valuable tools for automating infrastructure and configuration management in a DevOps environment
Teaches reverse VPN tunneling, which is a technique used to bypass network restrictions and access internal systems from external networks
Requires familiarity with networking concepts, including application network architecture, protocols (TCP, UDP, DNS, ICMP), and VPNs
Uses Metasploit, a framework that, while powerful, requires careful and ethical use to avoid legal and ethical issues
Involves phishing campaign configuration using GoPhish, which requires ethical considerations and adherence to legal regulations to prevent harm

Save this course

Create your own learning path. Save this course to your list so you can find it easily later.
Save

Reviews summary

Offensive security engineering fundamentals

According to the course materials, students may find this course covers the practical infrastructure aspects of offensive security operations. It appears to delve into configuring C2 frameworks, setting up reverse VPNs and dropboxes, and utilizing tools like Terraform and Saltstack for infrastructure management. The course seems designed for professionals looking to understand the backend of Red Team operations and potentially includes hands-on labs covering phishing campaigns and custom implant development. It likely assumes a prior technical background in IT or security.
Best suited for existing IT/Security pros.
"This course is great for those who are already in IT or Security..."
"It appears to assume some familiarity with network concepts and potentially sysadmin basics."
"Seems like it's not a beginner course and requires a prior technical foundation."
Covers Red Team infrastructure ops backend.
"This course focuses on the infrastructure operations behind a 'Red Team'."
"It's great for those in IT or Security looking to expand into offensive backend roles."
"The content centers on C2 frameworks, dropboxes, and reverse VPNs specific to operations."
Includes developing implants in Go/Python.
"The custom C2 implant development using python and golang sounds very advanced and useful."
"Learning to use Lambda as a redirector alongside custom implants adds significant value."
"Writing my own implant should provide deeper understanding than just using off-the-shelf tools."
Combines security tools with IaC/DevOps.
"I appreciate the blend of offensive tools like Empire/Merlin with IaC like Terraform/Saltstack."
"Learning how to integrate C2 with AWS Lambda redirectors seems very modern and useful."
"Understanding the DevOps side of offensive operations feels like a valuable and unique angle."
Hands-on labs cover key operations scenarios.
"I look forward to the hands-on walk throughs setting up C2 servers and dropboxes."
"The drop box scenario using OpenVPN sounds like a very practical exercise for red teaming."
"Developing custom implants in Golang is a great practical skill covered."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Offensive Security Engineering with these activities:
Review Networking Fundamentals
Solidify your understanding of networking concepts before diving into offensive security, as a strong foundation is crucial for understanding C2 infrastructure and VPN tunneling.
Browse courses on Network Architecture
Show steps
  • Review the OSI model layers.
  • Study common network protocols like TCP, UDP, and DNS.
  • Practice subnetting and IP addressing.
Practice Terraform Scripting
Improve your Terraform skills by practicing scripting common infrastructure deployments, such as setting up a basic C2 server or configuring AWS Lambda functions.
Browse courses on Terraform
Show steps
  • Set up a Terraform environment.
  • Write scripts for common infrastructure tasks.
  • Test and debug your Terraform scripts.
Read 'Red Team Development and Operations'
Gain a deeper understanding of red team operations and methodologies to enhance your offensive security engineering skills.
View Melania on Amazon
Show steps
  • Read the book cover to cover.
  • Take notes on key concepts and techniques.
  • Relate the book's content to the course material.
Four other activities
Expand to see all activities and additional details
Show all seven activities
Read 'Black Hat Go'
Learn how to use Go for offensive security tasks, enhancing your ability to develop custom C2 implants and redirectors.
View Black Hat Go: Go Programming For Hackers and... on Amazon
Show steps
  • Read the book cover to cover.
  • Try out the code examples.
  • Adapt the examples to your own projects.
Build a Basic C2 Server
Apply your knowledge by building a simple command and control server using Python or Go, reinforcing your understanding of C2 frameworks and custom implant development.
Show steps
  • Choose a programming language (Python or Go).
  • Design the server-client communication protocol.
  • Implement basic C2 functionalities (e.g., command execution).
  • Test the C2 server with a simple implant.
Document Your C2 Setup
Solidify your understanding of C2 infrastructure by creating a detailed write-up of your C2 setup, including diagrams and explanations of each component.
Show steps
  • Diagram your C2 infrastructure.
  • Describe each component's function.
  • Explain the communication flow.
  • Document the configuration steps.
Contribute to a C2 Framework
Deepen your understanding of C2 frameworks by contributing to an open-source project, such as reporting bugs, writing documentation, or contributing code.
Show steps
  • Choose an open-source C2 framework.
  • Explore the codebase and documentation.
  • Identify areas where you can contribute.
  • Submit your contributions.

Career center

Learners who complete Offensive Security Engineering will develop knowledge and skills that may be useful to these careers:
Red Team Operator
A Red Team Operator simulates attacks on an organization to test its defenses. This course hones the skills needed to run the infrastructure operations behind a Red Team. The course dives into C2 frameworks, custom drop box configurations, and reverse VPN tunnels. The phishing campaign training prepares you to simulate social engineering attacks. You'll learn how to use tools like Empire, Merlin, and Metasploit, essential for Red Team operations. An understanding of Terraform and Saltstack is also key. This course helps build a solid foundation for a future as a Red Team Operator.
See salaries and explore the career path for Red Team Operator
Vulnerability Assessor
A Vulnerability Assessor identifies and analyzes security weaknesses in systems and networks. This course helps a Vulnerability Assessor understand the infrastructure operations behind offensive attacks. It provides a practical approach to discovering vulnerabilities. The course's coverage of C2 frameworks, custom drop box configurations, and reverse VPN tunnels helps you replicate real-world attack scenarios. This kind of work is very similar to what a Vulnerability Assessor does. The course emphasizes tools and techniques actually used by attackers, allowing you to stay ahead of the curve. The elements of system administration covered in this course may be especially useful.
See salaries and explore the career path for Vulnerability Assessor
Penetration Tester
A Penetration Tester identifies vulnerabilities in systems and networks to improve security. This course helps you understand the infrastructure operations behind security assessments, directly relating to the work of a Penetration Tester. You can learn to configure custom drop boxes and reverse VPN tunnels, mirroring real-world penetration testing scenarios. The course's Command and Control (C2) framework coverage helps you understand attacker techniques and improve defensive strategies. Learning how Red Teams operate is a major component of the job of Penetration Tester. The elements of phishing operations covered in this course may prove especially insightful.
See salaries and explore the career path for Penetration Tester
Information Security Analyst
An Information Security Analyst protects an organization's data and systems from cyber threats. This course helps you learn how to think like an attacker, by exploring techniques such as phishing, custom implant development, and reverse VPN tunneling. Understanding C2 frameworks enables you to detect and respond to command and control activity on networks. The course provides a practical, hands-on approach to understanding the offensive side of security, valuable for an Information Security Analyst. The Red Team component also helps with understanding attacker behavior.
See salaries and explore the career path for Information Security Analyst
Cloud Security Engineer
A Cloud Security Engineer focuses on securing cloud-based infrastructure and applications. This course helps you develop the skills to secure cloud environments from offensive attacks. The course covers using Terraform and Serverless Frameworks to configure and manage infrastructure. The reverse VPN tunneling knowledge helps you understand how attackers can bypass cloud security measures. The course emphasizes the offensive side of security, which helps a Cloud Security Engineer anticipate and mitigate threats. The aspects of system administration covered in this course may be especially useful.
See salaries and explore the career path for Cloud Security Engineer
DevSecOps Engineer
A DevSecOps Engineer integrates security practices into the software development lifecycle. This course may be useful for understanding the offensive side of security, and helps build a more secure development pipeline. The C2 framework coverage, custom implant development, and phishing campaign configuration provide a unique perspective. Those interested in working as a DevSecOps Engineer will benefit from understanding how attackers operate. The course's use of Terraform and Saltstack facilitates Infrastructure as Code, a core principle of DevOps. The course's phishing coverage may be especially interesting.
See salaries and explore the career path for DevSecOps Engineer
Security Consultant
A Security Consultant advises organizations on how to improve their security posture. This course helps you gain a deep understanding of offensive security techniques, useful for assessing vulnerabilities and recommending security improvements. The C2 framework, reverse VPN tunneling, and phishing campaign modules provide practical knowledge of attacker methods. The course's coverage of infrastructure operations provides you with a holistic view of security, beneficial for a Security Consultant. The elements of system administration covered in this course may be especially useful in this role.
See salaries and explore the career path for Security Consultant
Application Security Engineer
An Application Security Engineer focuses on securing software applications throughout the development lifecycle. This course helps you understand the offensive techniques used to target applications. The phishing campaign and custom implant development modules help you understand how attackers can bypass application security measures. Learning about C2 frameworks and reverse VPN tunneling provides insight into how attackers maintain access to compromised systems. The course may be useful for developing secure coding practices. This can help you to think like an attacker, which is a helpful skill for an Application Security Engineer.
See salaries and explore the career path for Application Security Engineer
Security Engineer
A Security Engineer designs, implements, and manages security systems to protect an organization's assets. This course helps you understand the offensive side of security, critical for a well-rounded Security Engineer. Learning about C2 frameworks, phishing techniques, and reverse VPN tunneling provides insight into attacker methods. This course may be useful for developing strategies to defend against these attacks. The course's coverage of Terraform and Saltstack helps you automate infrastructure security. The DevOps and system administration components of this course may be especially useful.
See salaries and explore the career path for Security Engineer
Security Operations Center Analyst
A Security Operations Center Analyst monitors systems and networks for security threats and responds to incidents. This course may be useful for understanding common attacker techniques. The coverage of C2 frameworks, phishing campaigns, and reverse VPN tunneling provides insight into how attackers operate. Knowing this information helps you detect and respond to security incidents more effectively. The course provides a practical perspective on offensive security that can be valuable for a Security Operations Center Analyst. The Red Team operation is also relevant.
See salaries and explore the career path for Security Operations Center Analyst
Security Architect
A Security Architect designs and implements security strategies for an organization. This course may be useful because it provides insight into offensive security tactics like phishing, C2 frameworks, and reverse VPN tunneling. Knowing these tactics helps you design more robust security architectures. The course's emphasis on infrastructure operations helps you understand how attackers target these systems. You'll learn about using Terraform and Saltstack to manage infrastructure, which can be valuable for automating security deployments. The Red Team coverage may prove especially insightful for a Security Architect.
See salaries and explore the career path for Security Architect
Infrastructure Engineer
An Infrastructure Engineer designs, builds, and maintains the systems that support an organization's operations. This course helps you understand the security implications of infrastructure choices. It also provides hands-on experience with tools like Terraform and Saltstack. Learning how to configure VPNs, set up C2 servers, and understand reverse VPN tunneling helps you build more secure infrastructure. This course helps you to think like an attacker to better defend your systems, which is a beneficial skill for an Infrastructure Engineer. The Red Team coverage is relevant to the role of Infrastructure Engineer.
See salaries and explore the career path for Infrastructure Engineer
Network Engineer
A Network Engineer designs, implements, and manages an organization's network infrastructure. This course may be useful for understanding how attackers exploit network vulnerabilities. The reverse VPN tunneling and C2 framework modules help you understand how attackers can compromise networks. Learning about phishing and custom implant development helps you defend against social engineering attacks. Knowing how Red Teams operate can improve network security strategies for a Network Engineer. The elements of phishing operations covered in this course may prove especially insightful.
See salaries and explore the career path for Network Engineer
Systems Administrator
A Systems Administrator is responsible for the upkeep, configuration, and reliable operation of computer systems and servers. This course may be useful for a Systems Administrator looking to expand their skillset into security. The course covers system administration from an offensive perspective. Penetration testing and red teaming can benefit a Systems Administrator. Learning about C2 frameworks, reverse VPN tunneling, and phishing helps you understand how attackers target systems. The course's coverage of Terraform and Saltstack provides skills for managing infrastructure as code. The hands-on approach may be especially useful to a Systems Administrator.
See salaries and explore the career path for Systems Administrator
Cybersecurity Instructor
A Cybersecurity Instructor educates students or professionals on cybersecurity principles and practices. This course equips you with hands-on knowledge of offensive security techniques. This hands-on knowledge can be easily translated into practical exercises and demonstrations for students. The course's coverage of C2 frameworks, phishing campaigns, and reverse VPN tunneling provides material for teaching offensive security concepts. This course also helps a Cybersecurity Instructor stay relevant by exploring the latest tools and techniques used by Red Teams and attackers.
See salaries and explore the career path for Cybersecurity Instructor

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Offensive Security Engineering.
Cover image
Black Hat Go
Save
Explores the use of Go in offensive security, covering topics like network programming, reverse engineering, and vulnerability exploitation. Given the course's emphasis on custom implant development using Golang, this book provides valuable insights and practical examples. It's a great resource for learning how to leverage Go for building offensive security tools and implants.
Black Hat Go: Go Programming For Hackers and...
Paperback
$$
Black Hat Go: Go Programming For Hackers and...
Kindle Edition
$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Course image
Rating
4.5 Filled star Filled star Filled star Filled star Half star
Effort
4.5 total hours
Via
Udemy
Instructor
Casey Erdmann
Language
English
Traffic lights
Read about what's good
what should give you pause
and possible dealbreakers
Covers C2 frameworks like Empire, Merlin, and Metasploit, which are actively used in offensive security operations and penetration testing
Explores Terraform and Saltstack, which are valuable tools for automating infrastructure and configuration management in a DevOps environment
Teaches reverse VPN tunneling, which is a technique used to bypass network restrictions and access internal systems from external networks
Requires familiarity with networking concepts, including application network architecture, protocols (TCP, UDP, DNS, ICMP), and VPNs
Uses Metasploit, a framework that, while powerful, requires careful and ethical use to avoid legal and ethical issues
Involves phishing campaign configuration using GoPhish, which requires ethical considerations and adherence to legal regulations to prevent harm
Share this
Share to help others discover this course.
Facebook LinkedIn X Reddit Link Email
Begin learning today
Enroll now to gain full access to Offensive Security Engineering.
Enroll now
Save for later
Add this course to your list. Find it anytime.
Save
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser