Personal Course Compendium (PCC)
I’m starting this file as a tracking mechanism for courses I have completed and ones I am in the process of completing.
| Course | Description/Skills Practiced | Status | Link |
|---|---|---|---|
| Certified Red Team Operator Courseware | “Students will first cover the core concepts of adversary simulation, command & control, engagement planning and reporting. They will then go through each stage of the attack lifecycle - from initial compromise to full domain takeover, data hunting and exfiltration. Students will learn how common “OPSEC failures” can lead to detection by defenders, and how to carry out those attacks in a stealthier way. Finally, they will learn how to bypass defences such as Windows Defender, AMSI and AppLocker.” | Complete | https://training.zeropointsecurity.co.uk/courses/red-team-ops |
| TCM Practical Ethical Hacking | I used this course to brush up before taking the PNPT exam. Topics include: common Active Directory attack and defense, exploiting the OWASP top 10, report writing, and recon | Complete | https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course - Very, very old notes -> https://tkyn.dev/TCM-PEH-Course-Review+AD-Notes/ |
| TCM Windows Privilege Escalation | Addendum to the PNPT prep, revising previous notes. Topics include: Kernel Exploits, Password Hunting, Impersonation Attacks, Registry Attacks, Executable Files, Schedule Tasks, Startup Applications, DLL Hijacking, Service Permissions, Windows Subsystem for Linux | Complete | https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners |
| TCM Linux Privilege Escalation | Additional revision for the PNPT exam. Topics include: Kernel Exploits, Password Hunting, File Permissions, Sudo Attacks, Shell Escaping, LD_PRELOAD, SUID Attacks, Shared Object Injection, Binary Symlinks, Environment Variables, Capabilities Attacks, Scheduled Tasks, NFS, Docker | Complete | https://academy.tcm-sec.com/p/linux-privilege-escalation |
| TCM External Pentest Playbook | Introduction to external pentests, now completely overshadowed by my real life experience on clients. Topics include: Scope Verification and Client Communication, Vulnerability Scanning, Common OSINT and Information Gathering Techniques, Attacking O365/OWA, Attacking Login Portals, Bypassing MFA and Escalating Access, Report Writing, Identifying Common Pentest Findings, Client Debriefs, Retests, and Attestations | Complete | https://academy.tcm-sec.com/p/external-pentest-playbook |
| TCM Web Application Security and Testing | Intro to web app testing, more for refining my methodology than first exposure. From the course author “… basics of HTTP, servers, and clients, before moving through the OWASP Top 10 on our way to a full demonstration penetration test. We also cover the reporting process for web application assessments …” | Complete | https://academy.tcm-sec.com/p/practical-web-application-security-and-testing |
| x86 Assembly Language and Shellcoding on Linux | Haven’t finished this course as of yet, good introduction and exercises for learning assembly. | 50% | https://www.pentesteracademy.com/course?id=3 - https://tkyn.dev/SLAE-x86-Assembly-and-Shellcoding-on-Linux-Notes/ |
| Sektor7 Malware Development Essentials | Haven’t finished this course either, need to get more familiar with C. From the author: It will teach you how to develop your own custom malware for latest Microsoft Windows 10. And by custom malware we mean building a dropper for any payload you want (Metasploit meterpreter, Empire or Cobalt Strike beacons, etc.), injecting your shellcodes into remote processes, creating trojan horses (backdooring existing software) and bypassing Windows Defender AV. | 30% | https://institute.sektor7.net/red-team-operator-malware-development-essentials - https://tkyn.dev/Sektor7-Malware-Development-Course/ |
