Red Insight is a knowledge repository focused on penetration testing, designed to help security professionals, ethical hackers, and penetration testers deepen their understanding of offensive security and exploit development. This repository covers a wide range of topics, from vulnerability scanning to privilege escalation and beyond.
The goal of Red Insight is to provide a detailed collection of notes, techniques, and practical examples in penetration testing, divided into various sections to make it easier to find relevant content. Each section offers structured insights on specific phases of a penetration test, making it suitable for both beginners and advanced users.
Before you dive in, it's recommended that you have a basic understanding of:
- Networking and system administration
- Command-line interfaces (Linux/Windows)
- Common penetration testing tools (Nmap, Metasploit, Burp Suite, etc.)
The repository is structured based on key penetration testing areas and techniques, following the timeline of a typical engagement.
Red-Insight/
│
├── Report Writing for Penetration Testers/ # Best practices for documenting pentests
│ └── report_writing.md
│
├── Information Gathering/ # Techniques for reconnaissance and data collection
│ └── information_gathering.md
│
├── Vulnerability Scanning/ # Tools and techniques for scanning vulnerabilities
│ └── vulnerability_scanning.md
│
├── Introduction to Web Application Attacks/ # Basics of web app exploitation
│ └── intro_to_web_attacks.md
│
├── Common Web Application Attacks/ # In-depth look at common web vulnerabilities
│ └── common_web_attacks.md
│
├── SQL Injection Attacks/ # Techniques for exploiting SQL injections
│ └── sql_injection.md
│
├── Client-side Attacks/ # Attacks targeting client-side components
│ └── client_side_attacks.md
│
├── Locating Public Exploits/ # Finding and using publicly available exploits
│ └── locating_exploits.md
│
├── Fixing Exploits/ # Techniques for fixing vulnerabilities
│ └── fixing_exploits.md
│
├── Antivirus Evasion/ # Methods to bypass antivirus software
│ └── av_evasion.md
│
├── Password Attacks/ # Techniques for cracking or guessing passwords
│ └── password_attacks.md
│
├── Windows Privilege Escalation/ # Methods for elevating privileges on Windows systems
│ └── windows_privilege_escalation.md
│
├── Linux Privilege Escalation/ # Methods for elevating privileges on Linux systems
│ └── linux_privilege_escalation.md
│
├── Port Redirection and SSH Tunneling/ # Techniques for bypassing firewalls and redirecting ports
│ └── port_redirection.md
│
├── Tunneling Through Deep Packet Inspection/ # Bypassing DPI with tunneling techniques
│ └── dpi_tunneling.md
│
├── The Metasploit Framework/ # Using Metasploit for penetration testing
│ └── metasploit_framework.md
│
├── Active Directory Introduction and Enumeration/ # Introduction to Active Directory attacks
│ └── ad_introduction.md
│
├── Attacking Active Directory Authentication/ # Attacks against Active Directory authentication methods
│ └── ad_authentication_attacks.md
│
├── Lateral Movement in Active Directory/ # Techniques for moving laterally within AD environments
│ └── ad_lateral_movement.md
│
└── Enumerating AWS Cloud Infrastructure/ # Enumeration techniques in AWS environments
└── aws_enumeration.md
We welcome contributions! If you’d like to contribute to Red Insight, please feel free to fork the repository and submit a pull request. Make sure your contributions align with the repository's focus on penetration testing.