book

Red Team Engineering

Name: Red Team Engineering
Author: Casey Erdmann
ISBN: 9781718504264

by Casey Erdmann

March 2026

Intermediate to advanced

352 pages

8h 59m

English

No Starch Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
Dedication Page
About the Author
About the Technical Reviewer
BRIEF CONTENTS
CONTENTS IN DETAIL
ACKNOWLEDGMENTS
INTRODUCTION
Core Concepts of Offensive SecurityEthical Implications of Red TeamingRed Team OperationsWhat You’ll Need to Follow AlongHow This Book Is Organized

0 TOOLS OF THE TRADECRAFT
PART I: OFFENSIVE SECURITY DEVELOPMENT
1 WEB APPLICATION EXPLOITS
Considering OST Best PracticesBuilding a Basic Phishing PageUsing Bootstrap and Font Awesome CSS for a Modern-Looking SiteImporting JavaScript Libraries via CDNsAdding a Navigation BarCreating a Credential-Harvesting FormHandling Credentials with JavaScriptCapturing Credentials Server-Side with PHPSaving Credentials Without a DatabaseCreating a MySQL Database for Credential StorageBuilding a Phishing Website with Database Credential StorageCapturing Credentials with JavaScriptExploring Common Tools for PhishingThe wget ToolThe goclone ToolAI, LLMs, and ChatGPTEAPHammer Captive-Portal AttacksSummaryGoing Further
2 AUTHENTICATION ATTACKS
Creating a Target ApplicationAdding Authentication with PHPPreventing SQL InjectionImplementing a Login ResponseFollowing Best Practices for Credential StorageDissecting Requests with DevTools and ProxiesIdentifying Data with Web Developer ToolsIntercepting Requests with a Web ProxyHandling Proxied Requests with PythonSending a Transparent Proxy ResponseBuilding a Proxy ServerBrute-Forcing CredentialsBuilding the Login Request ScriptSending Authentication Data with PythonAutomating the Brute-Force BehaviorRunning a Brute-Force AttackCreating a Web Application Password-Spraying ToolBuilding the Password-Spraying ToolRunning the Password-Spraying AttackCreating an SMB Brute-Forcing Attack ToolImplementing the SMB Connection in PythonValidating Successful Authentication to SMB SharesAutomating the Brute-Force Attack for SMB TargetsRunning a Brute-Force Attack Against SMBCreating an SMB Password-Spraying ToolImplementing a Password-Spraying Loop for SMB TargetsRunning a Password Spray Against SMBCommon Tools for Authentication AttacksBurp SuiteCrackMapExecSpray WrapperSummary
3 CUSTOM MALWARE DEVELOPMENT AND DISTRIBUTION
Writing a Simple Program in GoSetting Up the File-Reading FunctionalitySetting Up the File-Writing FunctionalityCombining the Reading and Writing ProgramsCommand Execution with the os LibraryFile Encryption with GoBuilding the Encryption ToolBuilding the Decryption ToolWriting Custom RansomwareDefining the Encrypt() and Decrypt() FunctionsScaffolding the Ransomware LogicDefining the doEncrypt() and doDecrypt() FunctionsRunning the Ransomware ProgramWriting a C2 Server in PythonWriting a C2 ImplantAI Malware DevelopmentSummary
PART II: OFFENSIVE SECURITY ENGINEERING
4 AUTOMATING OFFENSIVE SECURITY INFRASTRUCTURE DEPLOYMENT
Tools and Technologies for AutomationAWS for Attack InfrastructureCreating an AWS Service AccountA Terraform PrimerTerraform Server InstantiationTerraform Network Access Control ListsTerraform EC2 Instance CreationTerraform DeploymentA Serverless Framework PrimerBoilerplate Serverless ApplicationServerless Python Deployment DependenciesServerless Flask API CodeServerless Framework DeploymentSummary
5 APPLYING NETWORK FUNDAMENTALS TO C2 IMPLEMENTATION
The OSI ModelSimple Target NetworkActive Directory Target NetworkCommand-and-Control Network FlowsBind ConnectionsReverse ConnectionsExploitation with the Metasploit FrameworkExecuting a Bind ShellExecuting a Reverse ShellThe Implications of Connection DirectionalitySummary
6 REVERSE VPN TUNNELING
Reverse VPN TopologyCompromising a Server for Reverse VPN TunnelingUsing Reverse VPN Tunnel Path TopologyConfiguring an EC2 Instance with TerraformAccessing the Reverse VPN Server InstanceSimulating a Dropbox with VagrantConfiguring OpenVPN with PiVPNSelecting OpenVPN ConfigurationConfiguring OpenVPN Service and DNSSetting OpenVPN Encryption StrengthSetting OpenVPN Post-Installation ConfigurationsGenerating a VPN CertificateEstablishing a Reverse VPN TunnelSummary
7 MANAGING INFRASTRUCTURE FOR OFFENSIVE SECURITY OPERATIONS
The Evolution of Infrastructure OperationsGetting Started with Salt ProjectConfiguring the Salt Project Terraform ServerInstalling Salt ProjectConfiguring the Salt Fingerprint and IP AddressLinking the Minions to the MasterRunning a Salt Project CommandWorking with Salt StatesCreating a Salt StateObserving Desired StateSalt Project as a C2 ServerSummary
PART III: OFFENSIVE SECURITY IN THE REAL WORLD
8 EXPLOITATION WITH METASPLOIT
Gaining Access: Configuring a C2 Server with TerraformSpinning Up Metasploit on a C2 ServerSetting Up the Exploit CallbackExploiting the TargetMaintaining Access: Establishing Persistence with MetasploitDisabling Windows DefenderGenerating a Meterpreter PayloadConfiguring Persistence OptionsUsing the Metasploit Cleanup Automation ResourceActing on the Objective: Extracting Credentials with MimikatzSummary
9 DEPLOYING A DROPBOX
Configuring a Reverse VPN DropboxUsing Empire on a C2 ServerConfiguring EmpirePreparing an Empire C2 StagerPost-Exploitation via Python ImpacketDeploying the Empire StagerEstablishing Persistence via EmpireSummary
10 PHISHING ATTACK WITH C2 REDIRECTORS
Preparing Your Custom C2 Implant and ServerImplementing C2 Redirectors via the Serverless FrameworkCreating an AWS Lambda Redirector in PythonDeploying the Redirector to AWS LambdaConfiguring a Custom C2 Server and ImplantConfiguring GophishCreating the Gophish Service AccountInstalling Gophish and Configuring Program PermissionsSetting Up an SSH Proxy to the Gophish Admin PanelConfiguring the Gophish Admin PanelCreating and Launching a Gophish CampaignCloning a Landing PageCreating a Phishing Email TemplateConfiguring an SMTP Sending ProfileExecuting the CampaignPhishing Payload ExecutionReceiving a Custom Simple C2 CallbackRed Team Infrastructure in the Real World
11 MULTIPLAYER C2 CONFIGURATION
teamserver for Cobalt Strike and ArmitageStarting the Metasploit Database and teamserverConnecting to teamserver with ArmitageInteracting with teamserverMultiplayer Mode for Sliver C2Installing Sliver C2Configuring Multiplayer ModeGetting a Callback with Sliver C2Other Multiuser C2 Tool KitsConclusion
RESOURCES
INDEX

Content preview from Red Team Engineering

8EXPLOITATION WITH METASPLOIT

In this first scenario, you’ll be acting as part of a red team assessment that’s identified a system vulnerable to MS17-010 (EternalBlue), a widespread security flaw in Microsoft’s SMB protocol that allows for remote code execution on Windows systems. This scenario depicts a type of event you’re likely to encounter in your offensive security career and gives you practical experience setting up and using a real external C2 server. You’ll follow the typical red team methodology after the reconnaissance phase: gaining access, maintaining access, and then acting on the objective, which, in this case, is to harvest ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0642572230234Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Red Team Engineering

by Casey Erdmann

8EXPLOITATION WITH METASPLOIT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.