Offensive Development and Tradecraft
Master offensive development and tradecraft techniques used by red team operators. Learn to build implants, loaders, and evasive tradecraft that bypass modern EDR detections including Elastic, CrowdStrike, and Defender.
30-day money-back guarantee
What You'll Learn
Course Curriculum
- Introduction
- Changelog
- Learning Resources
- Archive Passwords
- Download ISO and VM
- Install Windows VM
- Install Kali Linux
- Install Tools on Windows VM
- Installing Tools on Kali VM
- Setting up Shares
- Elastic EDR Setup on Kali VM
- Havoc Installation on Kali VM
- VM Download Link
- Introduction
- Compile First Exe file
- Compile First Dll File
- Write Code on Kali Linux VM
- Finding Main Code from X64Dbg and IDA Pro
- Debug GetHostName In X64Dbg
- Debug Welcome Dll in X64Dbg
- Code Review Apps in IDA Pro
- LoadDll Code Review and Debugging
- Intro
- PrintMe
- ChangeMe
- Arithmetic Operations
- If than else statements in C
- While Loops and Switch Statements
- Arrays And Pointers
- Strings
- To be Released.
- Assembly Language Introduction
- X64Dbg UI Overview
- X64Dbg - Menu Options
- Debugging in X64Dbg
- Introduction to IDA Pro
- My Workflows - Part 1
- My Workflows - Part 2
- Use Ida Pro to migrate calls from Kernel32 Api to NTApi in minutes
- To be Released.
- Basic Payload Execution
- Debug Basic Payload Execution
- Payload In Text Section - 1
- Payload in Text Section - 2
- Payload in New Section
- Payload in Resource Section
- Payload Stored at Remote Location
- Project to embed a payload in Image and load it from a remote location.
- Free Preview : Discovering the source of the detection FREE PREVIEW
- Getting into the weeds of shellcode manipulation
- Manipulating the shellcode to fully bypass the detections
- Intro
- How is Import Address Table Generated
- A - Removing the C Runtime Initialization Code
- B - Debugging the exe after removing the C Runtime Init code
- Api Hashing Intro
- Generating Hashes Via Python
- Custom GetProcessAddress Via ApiHashing
- Compiler Optimisation problems during IAT Removal
- Custom GetModuleHandle
- Introduction
- Hash Based Detections
- Yara Rules
- Indicators of Attack
- Introduction to Machine Learning Based Detections
- Introduction to ML Bypass
- Updating Loader with Havoc SC
- Moving Havoc SC to alternate location
- Debugging the updated loader
- Final Changes to complete ML Bypass
- Base64 Encoding
- Xor
- Rc4
- AES
- ShikataGaNai
- Api Hooking Intro
- ApiHooking-Detours
- DetoursYara
- Minhooks
- InlineHooking
- DllInjection
- LocalModuleStomping - 1
- LocalModuleStomping - 2
- MapViewInjection
- RemoteModuleStomping - Part 1
- RemoteModuleStomping - Part 2
- Threadless Inject - Part 1
- Threadless Inject - Part 2
- Syscall Intro
- Extract SSN Details
- Executing Payload Via NTApi
- Executing Payload Via Syswhispers3
- HellsGate
- HellFireLounge
- Tasklist Dll Code
- Reflective Dll Injection - Intro
- Reflective Dll Injection Repo
- Reflective Dll Loader Code Review
- ReflectiveLoaderCodeReview
- Convert Any dll Code to Reflective Dll
- Covert Tasklistdll to Reflective Dll
- Build Reflective Loader
- PIC
- Pic Troubleshooting
- PIC Automation
- Introduction
- Build Payload
- Build PIC Executable
- Extract PIC from Executable
- BuildModuleStomper Section
- Debugging Final Executable
- Review Changes to bypass EDR
Requirements
- Comfortable programming in C and working with Windows tooling (mingw, CMake)
- Windows host with virtualization support (required for course labs)
- Apple Silicon devices are not supported for the required virtualization stack
- 16GB RAM and at least 200GB free storage for lab VMs
- Familiarity with x64dbg, IDA Pro, or WinDbg is helpful
Learning Resources Provided
Video & Text Content
We provide Video and Text based learning material, both of which complement each other. We also provide prepared Virtual Machines so you can download and use them in your own lab.
Technologies Used
The programming language used is C. We use Mingw compiler, Visual Studio 2022, X64Dbg, IDA Pro, and WinDbg for research and debugging. Elastic EDR is used for Detection and Evasion.
Note Taking & Community
Access to Notion template to help with learning, keeping track of work completed and additional notes. Discord server access for questions and engagement with other students.
Frequently Asked Questions
The course material contains detailed explanations in Videos and Text based format. We also provide access to Discord and a special Notion Template to help with tracking progress, keeping notes, and more.
This course is ideal for cybersecurity professionals seeking to advance their skills in offensive development, including penetration testers, red teamers, blue teamers, security analysts, and researchers. Mastering offensive cybersecurity techniques opens doors to new career opportunities. Employers value professionals who can think strategically and understand both offensive and defensive tactics.
This course is ideal for cybersecurity professionals seeking to advance their skills in offensive development, including penetration testers, red teamers, blue teamers, security analysts, and researchers.
Yes, the course is updated every month with new and advanced materials.
No, the course does not expire. You will have lifetime access to all current and future content.
Your Instructor
Ahmed Kasmani
Research Lead (Fortune 500), ex-Microsoft & CrowdStrike
Research Lead focused on malware reverse engineering and security research. Previously at Microsoft and CrowdStrike across Security Research, Security Engineering, and MDR. 15+ years in cyber, with front-line work on incidents like WannaCry, NotPetya, SolarWinds, and ProxyShell. Committed to making hands-on security training accessible and affordable.