강의

N
챌린지

멘토링

N
클립

커뮤니티

BEST
Security & Network

/

Computer Security

PNT - Pivoting and Tunneling

The PNT course is a hands-on course designed to follow the BHPT course and teach the concepts of pivoting and tunneling, which are necessary for lateral movement within a network. Students will learn pivoting techniques to bypass firewalls by manipulating network traffic and learn how to cross boundaries in various network environments through a practical lab.

(4.7) 28 reviews

287 learners

Level Intermediate

Course period Unlimited

  • redraccoon
Penetration Testing
Penetration Testing
security training
security training
network-security
network-security
cybersecurity
cybersecurity
Penetration Testing
Penetration Testing
security training
security training
network-security
network-security
cybersecurity
cybersecurity

Reviews from Early Learners

Reviews from Early Learners

4.7

5.0

몽상가

22% enrolled

Choi and Groot. How are you? Thank you for giving me a platform to grow even more, and I will enjoy it.

5.0

김수영

100% enrolled

The best

5.0

공익선

31% enrolled

The lecture is very informative.

What you will gain after the course

  • pivoting

  • tunneling

  • Simulated hacking

I've managed to escalate privileges on the target host with a follow-up attack, but what should I do if I want to expand the attack scope to other networks? 🤔


In Red Raccoon's BHPT lecture, we learned about the mock hacking process against a single host. However, the real IT infrastructure is not made up of a single host, but of thousands, tens of thousands, and hundreds of thousands of hosts and hundreds of thousands of networks. In addition, "network separation" is used to separate networks and control access to specific networks only to authorized IP addresses, networks, hosts, users, software, ports, and protocols.

How should we conduct mock hacking/red teaming in this network isolation situation?

Attack scenario using pivoting during network separation

In this Red Raccoon Pivoting and Tunneling (PNT) lecture, you will learn about the concepts of pivoting and tunneling in the lateral movement stage of the attacker's life cycle in a network separation environment as mentioned above, understand pivoting attack techniques according to the target network environment when moving within a network, and then directly perform the relevant techniques through hands-on practice based on the concepts you have learned.




You can think of this lecture as one that teaches you the pivoting and tunneling techniques used when moving internally or laterally in a network, as shown in the diagram below.



Features of this course

📌 Learning based on real attack scenarios

📌 Introduction to various pivoting techniques and tunneling tools

📌 Strengthening practical suitability in Red Raccoon’s hands-on training environment

📌 Learning a systematic approach from the attacker's perspective

I recommend this to these people

I can attack one host, but I don't know what to do next.

The BHPT lecture only targeted one host... I don't know what to study next

I do CTF and bug bounties from time to time. Is this right?
Anyone who wants to experience realistic mock hacking targeting networks beyond CTF or web mock hacking

I understand the theory, but I don't know how to apply it in practice.
I've heard of pivoting and tunneling, but I'm curious about what kind of situations they're actually used in.

After class

  • Learn in depth the techniques for performing lateral movement across network boundaries and understand how they can be utilized through real-world examples.

  • Develop problem-solving skills in real-world situations by applying pivoting and tunneling techniques directly through in-class exercises.

  • The Red Raccoon community provides opportunities to connect with fellow students from diverse backgrounds and receive direct feedback from industry experts.

  • Learn how to identify vulnerabilities in network segmentation and defense systems from an attacker's perspective and strengthen your defense strategy based on this.

PNT Lecture Structure

Screenshot 2024-10-27 154432


The one and only hands-on lab created by Red Raccoon

We provide hands-on labs produced directly by Red Raccoon 24 hours a day through Discord.

Screenshot 2024-10-27 153831

Unlimited Red Raccoon Guidebook Period

In addition to the lecture videos, it also contains lecture and practical content.
Unlimited PNT full guidebook


Screenshot 2024-10-27 154800

Gain practical experience through self-check assignments

Added fun by finding hidden flags here and there

Final assignment



Final task

The final assignment will allow you to review what you have learned so far.


Red Raccoon Academy Faculty

Choi

  • Currently working as a red team operator at a major domestic company, conducting attacker simulation work

  • Former Fortune 100 US headquarters, conducting internal network, external network, and web mock hacking for companies around the world

  • Create and run Blue Team Workshop + Red Team Workshop at Defcon 30, Defcon 31

  • Korea's first offensive security open source Wikipedia operation ( redteam.com )

  • Global CPTC(Collegiate Penetration Testing Competition) 2020 - 1st Place, Team Leader

  • Certifications: OSCP, CRTO, CRTL, EvilGinx2 Phishing Mastery Course, Breaching the Cloud

Groot

  • Current Mock Hacker at TUV SUD & Cyber Security Bootcamp Lead Instructor

  • Former CrowdStrike Senior Cyber Security Intel Researcher

  • Former CyberCX MSSP SOC Team Leader, Senior Simulator Hacker

  • Experience in various domains such as Blue Team, Red Team, and Intel Researcher

  • Certifications: OSCP, CRTO, CREST, Security Product Vendor Certifications (CrowdStrike, LogRhythm, Okta, Microsoft Security, Netskope, etc.)

Player Knowledge and Notes

  • This lecture is a compilation of techniques used in internal network mock hacking or actual red teaming, so intermediate or higher skills are required.

  • This lecture is a follow-up lecture to Red Raccoon BHPT . We recommend that you take BHPT first and then take this lecture.

Recommended for
these people

Who is this course right for?

  • Those who want to experience red team work in the field but lack opportunities to practice pivoting or tunneling

  • External penetration testing is something I've experienced, but I'd like to expand the scope to include internal network penetration.

  • Security consultants who need to develop penetration testing strategies for situations where network access is restricted, depending on the environment of various clients

  • Infrastructure/network administrators who want to understand how the company's security policies and network defense systems can be bypassed from the perspective of an actual attacker

  • Security operations center (SOC) analysts and threat hunting specialists who want to improve real-time analysis and threat detection by understanding the propagation paths and lateral movement techniques of internal attacks

Need to know before starting?

  • Simulated hacking

  • Basic Network Theory

  • BHPT

Hello
This is

1,396

Learners

142

Reviews

12

Answers

4.9

Rating

3

Courses

Red Raccoon Community

Red Raccoon is a cybersecurity community that not only provides lectures on cybersecurity hacking techniques but also shares cybersecurity topics, tips, and know-how.

Red Raccoon Website List

 

Red Raccoon Academy Instructors

Choi

  • Current Red Team Operator at a major domestic corporation - performing adversary simulation and penetration testing

  • Former Fortune 100 professional, performed internal, external, and web penetration testing for companies in the U.S. and worldwide

  • Created and conducted Blue Team and Red Team workshops at Defcon 30 and Defcon 31

  • Operating Korea's first offensive security open-source Wikipedia (RedTeam.com)

  • Global CPTC (Collegiate Penetration Testing Competition) 2020 - 1st Place, Team Leader

  • Certifications: OSCP, CRTO, CRTL, EvilGinx2 Phishing Mastery Course, Breaching the Cloud

Groot

  • Current Senior Cybersecurity Engineer & Cybersecurity Bootcamp Lead Instructor

  • Former CrowdStrike Senior Cybersecurity Intelligence Researcher

  • Former CyberCX MSSP SOC Team Lead, Senior Penetration Tester

  • Possesses career experience in various domains, including Blue Team, Red Team, and Intel Researcher.

  • Certifications: OSCP, CRTO, CREST, security product vendor certifications (CrowdStrike, LogRhythm, Okta, Microsoft Security, Netskope, etc.)

     

 

 

Curriculum

All

36 lectures ∙ (3hr 48min)

Published: 
Last updated: 

Reviews

All

28 reviews

4.7

28 reviews

  • szen님의 프로필 이미지
    szen

    Reviews 6

    Average Rating 5.0

    5

    100% enrolled

    The best

    • muyaho76867님의 프로필 이미지
      muyaho76867

      Reviews 2

      Average Rating 4.0

      4

      31% enrolled

      • cybug님의 프로필 이미지
        cybug

        Reviews 2

        Average Rating 5.0

        5

        31% enrolled

        • icsunkong3543님의 프로필 이미지
          icsunkong3543

          Reviews 5

          Average Rating 5.0

          5

          31% enrolled

          The lecture is very informative.

          • cylee9999님의 프로필 이미지
            cylee9999

            Reviews 2

            Average Rating 5.0

            5

            100% enrolled

            It's difficult, but I think it will be very helpful Thank you

            $152.90

            redraccoon's other courses

            Check out other courses by the instructor!

            BHPT - Host-Based Penetration Testing Fundamentals강의 썸네일

            BHPT - Host-Based Penetration Testing Fundamentals

            redraccoon

            Have you ever wondered how real attackers carry out cyber attacks? BHPT is a comprehensive hands-on course that uses on-demand labs to learn methodologies for discovering, exploiting, reporting, and responding to vulnerabilities by conducting penetration testing from an attacker's perspective against specific hosts.

            초급

            초급

            Penetration Testing, Offensive Security, Network

            BHPT - Host-Based Penetration Testing Fundamentals강의 썸네일

            BHPT - Host-Based Penetration Testing Fundamentals

            redraccoon

            RTL - A Taste of Red Teaming강의 썸네일

            RTL - A Taste of Red Teaming

            redraccoon

            RTL (Red Team Lite) is an introductory red team course that teaches the concepts and technical elements required for full-chain red team penetration testing—including attacker infrastructure setup, C2 advancement, payload creation, information gathering, initial compromise, foothold establishment, privilege escalation, lateral movement, post-exploitation, and data exfiltration—through real-world attacker TTPs.

            중급이상

            중급이상

            Penetration Testing

            RTL - A Taste of Red Teaming강의 썸네일

            RTL - A Taste of Red Teaming

            redraccoon

            Similar courses

            Explore other courses in the same field!

            BHPT - Host-Based Penetration Testing Fundamentals강의 썸네일

            BHPT - Host-Based Penetration Testing Fundamentals

            redraccoon

            Have you ever wondered how real attackers carry out cyber attacks? BHPT is a comprehensive hands-on course that uses on-demand labs to learn methodologies for discovering, exploiting, reporting, and responding to vulnerabilities by conducting penetration testing from an attacker's perspective against specific hosts.

            초급

            초급

            Penetration Testing, Offensive Security, Network

            BHPT - Host-Based Penetration Testing Fundamentals강의 썸네일

            BHPT - Host-Based Penetration Testing Fundamentals

            redraccoon

            AWS Network with a Silicon Valley Engineer강의 썸네일

            AWS Network with a Silicon Valley Engineer

            altoformula

            Master AWS networking completely! Learn VPC, subnet, routing, and security with a focus on practical application, and design secure and scalable cloud network architectures. Complete the core skills that every working engineer must know in a short period of time!

            입문

            입문

            AWS, Network, vpc

            AWS Network with a Silicon Valley Engineer강의 썸네일

            AWS Network with a Silicon Valley Engineer

            altoformula

            Wireshark Network Packet Analysis Practice for IT Security강의 썸네일

            Wireshark Network Packet Analysis Practice for IT Security

            boanproject

            Network packet analysis is essential when conducting incident analysis and vulnerability analysis. Among the tools available, Wireshark is the most widely used, and this course covers the complete utilization of Wireshark and provides understanding through incident analysis case studies.

            초급

            초급

            Penetration Testing, Network, Wireshark

            Wireshark Network Packet Analysis Practice for IT Security강의 썸네일

            Wireshark Network Packet Analysis Practice for IT Security

            boanproject

            Cloudflare WAF for DevSecOps, & Cloud Security Engineers강의 썸네일

            Cloudflare WAF for DevSecOps, & Cloud Security Engineers

            amrit

            Mastering Threat Mitigation, Custom Rules, and API Protection for Modern DevOps Pipelines

            입문

            입문

            security, waf, devsecops

            Cloudflare WAF for DevSecOps, & Cloud Security Engineers강의 썸네일

            Cloudflare WAF for DevSecOps, & Cloud Security Engineers

            amrit

            Linux Permissions Masterclass – "From Fundamentals to Practical Application, Security, and Service Operations"강의 썸네일

            Linux Permissions Masterclass – "From Fundamentals to Practical Application, Security, and Service Operations"

            linuxmasternet

            This course puts an end to Linux server operational vulnerabilities caused by incorrect permissions. Master file and directory permission control based on real-world industry standards.

            초급

            초급

            Linux, Operating System, security

            Linux Permissions Masterclass – "From Fundamentals to Practical Application, Security, and Service Operations"강의 썸네일

            Linux Permissions Masterclass – "From Fundamentals to Practical Application, Security, and Service Operations"

            linuxmasternet

            Mock Hacking Job Preparation, Interview Preparation Course강의 썸네일

            Mock Hacking Job Preparation, Interview Preparation Course

            boanproject

            This lecture provides a general guide on how to prepare while studying when you want to choose a career in IT security penetration testing, and what questions and answers to prepare for the interview. I will share my experience working as a penetration testing consultant, at large companies, and in the financial sector, and currently running a penetration testing consulting business.

            입문

            입문

            Penetration Testing, Tech Interview

            Mock Hacking Job Preparation, Interview Preparation Course강의 썸네일

            Mock Hacking Job Preparation, Interview Preparation Course

            boanproject

            Understanding Information Security System Construction강의 썸네일

            Understanding Information Security System Construction

            ISMS-P WIN

            This is a lecture [Certification and Practice (Security · Network), Security] prepared for beginners.

            초급

            초급

            ISMS-P, CPPG, security training

            Understanding Information Security System Construction강의 썸네일

            Understanding Information Security System Construction

            ISMS-P WIN

            The process of obtaining the Information Security Risk Manager (ISRM) certification.강의 썸네일

            The process of obtaining the Information Security Risk Manager (ISRM) certification.

            ISMS-P WIN

            KCA Information Security Risk Manager (ISRM) certification course! The cornerstone for acquiring the top 3 personal information protection certifications: CPPG, ISMS-P!

            입문

            입문

            ISMS-P, CPPG, Engineer information security

            The process of obtaining the Information Security Risk Manager (ISRM) certification.강의 썸네일

            The process of obtaining the Information Security Risk Manager (ISRM) certification.

            ISMS-P WIN

            Understanding AWS Cloud Service Infrastructure Construction, Hacking, and Security강의 썸네일

            Understanding AWS Cloud Service Infrastructure Construction, Hacking, and Security

            boanproject

            IT services are rapidly transitioning to cloud environments. You will learn security practices from basic virtual infrastructure construction to security threat monitoring and vulnerability diagnosis for each area to secure the Amazon AWS cloud environment.

            초급

            초급

            AWS, Penetration Testing

            Understanding AWS Cloud Service Infrastructure Construction, Hacking, and Security강의 썸네일

            Understanding AWS Cloud Service Infrastructure Construction, Hacking, and Security

            boanproject

            Genie's Information Security System Practice (Beginner)강의 썸네일

            Genie's Information Security System Practice (Beginner)

            geni

            This course carefully selects the core systems that beginners must know in the vast field of information security. Instead of rigid theory, it's structured to help you intuitively understand system principles through clear analogies and practical examples. With this single course, you can grasp the big picture of information security systems as a whole and develop practical skills.

            입문

            입문

            security, firewall, network-security

            Genie's Information Security System Practice (Beginner)강의 썸네일

            Genie's Information Security System Practice (Beginner)

            geni

            Web technology basics you must know강의 썸네일

            Web technology basics you must know

            crehacktive

            This is a course where you can learn the basics of web technology. You can learn the basics of web technology in a short period of time. If you are interested in studying or getting a job related to the web, you must take this course!

            입문

            입문

            Penetration Testing

            Web technology basics you must know강의 썸네일

            Web technology basics you must know

            crehacktive

            [AWS Beginner's Guide] Master the Basic Network Configuration!강의 썸네일

            [AWS Beginner's Guide] Master the Basic Network Configuration!

            KLeIn

            Understanding network configurations is extremely important when building applications on AWS. In this course, we will clearly explain the concepts and actual construction methods of basic network configurations in AWS.

            입문

            입문

            AWS, subnet, network-security

            [AWS Beginner's Guide] Master the Basic Network Configuration!강의 썸네일

            [AWS Beginner's Guide] Master the Basic Network Configuration!

            KLeIn

            Automotive Cyber Security강의 썸네일

            Automotive Cyber Security

            woojuyun

            This lecture is about automotive ECU cyber security based on a basic understanding of cryptography.

            초급

            초급

            cybersecurity, security, software-design

            Automotive Cyber Security강의 썸네일

            Automotive Cyber Security

            woojuyun

            CPPG CORE CLASSROOM LEARNING강의 썸네일

            CPPG CORE CLASSROOM LEARNING

            ISMS-P WIN

            Repeatedly study the 100 most frequently appearing CPPG core topics through theory, mind maps, and problem solving.

            초급

            초급

            CPPG, ISMS-P, security training

            CPPG CORE CLASSROOM LEARNING강의 썸네일

            CPPG CORE CLASSROOM LEARNING

            ISMS-P WIN