I've managed to escalate privileges on the target host with a follow-up attack, but what should I do if I want to expand the attack scope to other networks? 🤔

In Red Raccoon's BHPT lecture, we learned about the mock hacking process against a single host. However, the real IT infrastructure is not made up of a single host, but of thousands, tens of thousands, and hundreds of thousands of hosts and hundreds of thousands of networks. In addition, "network separation" is used to separate networks and control access to specific networks only to authorized IP addresses, networks, hosts, users, software, ports, and protocols.

How should we conduct mock hacking/red teaming in this network isolation situation?

Attack scenario using pivoting during network separation

In this Red Raccoon Pivoting and Tunneling (PNT) lecture, you will learn about the concepts of pivoting and tunneling in the lateral movement stage of the attacker's life cycle in a network separation environment as mentioned above, understand pivoting attack techniques according to the target network environment when moving within a network, and then directly perform the relevant techniques through hands-on practice based on the concepts you have learned.

You can think of this lecture as one that teaches you the pivoting and tunneling techniques used when moving internally or laterally in a network, as shown in the diagram below.

Features of this course

📌 Learning based on real attack scenarios

📌 Introduction to various pivoting techniques and tunneling tools

📌 Strengthening practical suitability in Red Raccoon’s hands-on training environment

📌 Learning a systematic approach from the attacker's perspective

I recommend this to these people

After class

• Learn in depth the techniques for performing lateral movement across network boundaries and understand how they can be utilized through real-world examples.

• Develop problem-solving skills in real-world situations by applying pivoting and tunneling techniques directly through in-class exercises.

• The Red Raccoon community provides opportunities to connect with fellow students from diverse backgrounds and receive direct feedback from industry experts.

• Learn how to identify vulnerabilities in network segmentation and defense systems from an attacker's perspective and strengthen your defense strategy based on this.

PNT Lecture Structure

Red Raccoon Academy Faculty

Choi

• Currently working as a red team operator at a major domestic company, conducting attacker simulation work

• Former Fortune 100 US headquarters, conducting internal network, external network, and web mock hacking for companies around the world

• Create and run Blue Team Workshop + Red Team Workshop at Defcon 30, Defcon 31

• Korea's first offensive security open source Wikipedia operation ( redteam.com )

• Global CPTC(Collegiate Penetration Testing Competition) 2020 - 1st Place, Team Leader

• Certifications: OSCP, CRTO, CRTL, EvilGinx2 Phishing Mastery Course, Breaching the Cloud

  ---

Groot

• Current Mock Hacker at TUV SUD & Cyber Security Bootcamp Lead Instructor

• Former CrowdStrike Senior Cyber Security Intel Researcher

• Former CyberCX MSSP SOC Team Leader, Senior Simulator Hacker

• Experience in various domains such as Blue Team, Red Team, and Intel Researcher

• Certifications: OSCP, CRTO, CREST, Security Product Vendor Certifications (CrowdStrike, LogRhythm, Okta, Microsoft Security, Netskope, etc.)