Course Layout & Expectations

Responsible Red Teaming consists of a series of written lectures and practical labs. The lecture content is not meant to be exhaustive. There is no way that I could cover the entire range of situations one may encounter as a red teamer. Nonetheless, each section is designed to support the main theme of the course.

Tools & VMs

The course uses at least two local Virtual Machines and one cloud-provisioned instance. The primary VM for this course is rrt-kali, which is available at the course share (linked below). The Kali host can be provisioned on your local hypervisor.

Tip: I recommend downloading and setting this VM up and running sudo apt update && sudo apt upgrade -y right away to save some time when you get to the labs.

There is also a vulnerable VM used in the course capstone called risotto-dmz-prod that is available on the course share. This VM does not need to be updated or upgraded.

VM Credentials

The credentials for the Kali host are kali:kali

The credentials for the capstone vulnerable host are risottoadmin:MYpassword123!

Hypervisor Requirement

There is no specific hypervisor requirement for this course, so please use the one you are most comfortable with. The OVAs for the course were built using VMware Workstation and exported to OVA format, so they will probably work best on VMware Workstation/Pro. Please note that if you use VirtualBox to run the VMs, you may need to do some manual configuration to get the guest additions to work well.

Other Tools & Licensing

Please note that the course uses common offensive security tools like Kali Linux, Sliver, and the Metasploit Framework, which are all available as free and open-source software. Please review the licenses for all software used in this course. The course was built and tested using specific versions of these tools, but later versions will probably work as well.

Course Share

I've provided a course share drive that hosts the course VMs. The course share is accessible at this link:

Lab Repository

The practical component of this course features a handful of labs that reinforce core concepts. The lab repository is located here:

Please see the README for instructions on cloning the lab repository.


This course is not built to teach the red team operator skillset. The course does not teach you how to Kerberoast, set up Evilginx, move laterally, or establish persistence on a target. The course material assumes that you are already familiar with the general concepts of a red team operation on the technical and non-technical levels. Instead, it seeks to refine your existing skill set and add a new dimension to it.

The labs in this course are written to be a bit more freeform than other comparable courses. I expect that students of this course have experience enough to follow the labs and perform the tasks without step-by-step, explicit instructions. I am, of course, still available to help troubleshoot and answer questions in the course Discord.

This course assumes the following:

  • You are now, or plan to soon be, a red teamer that has legal authorization to do security testing for a client, or…
  • …you use the skills of a red team operator for personal research, home lab activities, and/or learn this kind of stuff for fun with the intention of only using it on networks/hosts that you own.
  • You are familiar with red team engagements in a general sense, from pre-engagement planning, through initial access, all the way to the completion of objectives and reporting.
  • You have some — even just a little — familiarity with software development. This course covers a few concepts that are centered on custom exploit and payload development. The material assumes you know how to set up a dev environment, how to install Visual Studio Code, how to install language toolchains, and how to compile and debug your code. The labs in this course that focus on software development center on using Rust, but prior experience with Rust is not necessary to complete the labs.

Complete and Continue