Durga Analytics • Offensive Security • 0 → 500 Level

Offensive Security
500 Chapter Master Program

A complete, structured journey designed for learners with no security background, progressing to enterprise Red Team leadership and 500-level expertise.

Program Snapshot

  • 5 phases • 20 modules • 500 chapters
  • Beginner-safe → expert-only progression
  • Labs, walkthroughs & real attack simulations
  • Enterprise-safe, ethical & governance-aligned

Curriculum — 20 Modules, 500 Chapters


PHASE 1 · MODULE 1: Offensive Security Foundations (Ch 1–25)
1. Red Team vs Blue Team vs Purple Team
2. Legal, Ethical & Contractual Boundaries
3. Penetration Testing Methodologies (PTES, NIST, OWASP)
4. Attacker Kill Chain & Engagement Phases
5. Lab Setup: Kali Linux, VMs & Networks
6. Linux Fundamentals for Attackers
7. Windows Internals for Offensive Security
8. Networking Fundamentals for Exploitation
9. TCP/IP Deep Dive
10. DNS, HTTP & HTTPS Internals
11. Threat Modeling Basics
12. Vulnerability vs Exploit vs Exposure
13. CVE, CVSS & Severity Interpretation
14. Common Enterprise Misconfigurations
15. Lab Safety & OPSEC
16. Virtual Lab Architecture
17. Note-taking & Evidence Collection
18. Offensive Tooling Landscape
19. Types of Reconnaissance
20. Target Scoping & Asset Definition
21. Rules of Engagement
22. Reporting Basics
23. Ethics Case Studies
24. Career Paths in Offensive Security
25. Module 1 Lab
PHASE 1 · MODULE 2: Reconnaissance & Enumeration (Ch 26–50)
26. Passive Reconnaissance & OSINT
27. Google Dorking Techniques
28. Shodan & Censys
29. DNS Enumeration
30. Subdomain Discovery
31. Active Recon with Nmap
32. Service Fingerprinting
33. Banner Grabbing
34. SMB Enumeration
35. FTP & SSH Enumeration
36. Web Server Enumeration
37. Directory Bruteforcing
38. SNMP Enumeration
39. Email & User Enumeration
40. Cloud Recon Fundamentals
41. API Reconnaissance
42. Misconfiguration Discovery
43. Asset Inventory & Mapping
44. Attack Surface Mapping
45. Recon Tool Automation
46. Manual Validation
47. False Positives
48. Recon Reporting
49. Real-world Case Study
50. Module 2 Lab
PHASE 1 · MODULE 3: Web Application Hacking (OWASP) (Ch 51–75)
51. OWASP Top 10 Overview
52. SQL Injection
53. Blind SQL Injection
54. Cross-Site Scripting (XSS)
55. CSRF
56. Authentication Bypass
57. Session Hijacking
58. IDOR
59. File Upload Vulnerabilities
60. Command Injection
61. SSRF
62. Insecure Deserialization
63. Burp Suite Deep Dive
64. API Exploitation
65. JWT Attacks
66. OAuth Misuse
67. Business Logic Flaws
68. Rate-Limit Abuse
69. Web Shell Deployment
70. Privilege Escalation via Web
71. Logging & Detection Gaps
72. Secure Coding Mapping
73. Real-world Web Case Study
74. Remediation Guidance
75. Module 3 Lab
PHASE 1 · MODULE 4: Exploitation & Post-Exploitation (Ch 76–100)
76. Exploit Selection Strategy
77. Metasploit Framework
78. Manual Exploitation
79. Reverse Shells
80. Bind Shells
81. Linux Privilege Escalation
82. Windows Privilege Escalation
83. Credential Dumping
84. Password Cracking
85. Hash Attacks
86. Persistence Mechanisms
87. Lateral Movement
88. Pivoting & Tunneling
89. Cleanup & Trace Reduction
90. Living-off-the-Land
91. OPSEC Failures
92. Logging & Detection Evasion
93. Data Exfiltration
94. Post-Exploitation Enumeration
95. Blue Team Visibility Mapping
96. MITRE ATT&CK Mapping
97. Risk Scoring
98. Evidence Collection
99. Case Study
100. Phase 1 Capstone
PHASE 2 · MODULE 5: Active Directory Foundations (Ch 101–125)
101. Enterprise Identity Architecture Overview
102. Active Directory Components & Trust Model
103. Kerberos Authentication Internals
104. NTLM Authentication Internals
105. Domain Controllers & SYSVOL
106. Users, Groups & Privilege Boundaries
107. Group Policy Objects
108. Service Accounts & Delegation
109. Forests, Domains & Trusts
110. Authentication vs Authorization
111. Common AD Misconfigurations
112. Credential Storage in Windows
113. Local vs Domain Credentials
114. AD Enumeration Strategy
115. LDAP Querying Basics
116. PowerView & Enumeration Tools
117. Identifying High-Value Targets
118. Attack Path Thinking
119. Trust Weaknesses
120. Attack Surface Reduction Failures
121. OPSEC in AD Environments
122. Logging & Visibility in AD
123. Defender View of AD Attacks
124. AD Attack Planning
125. Module 5 Lab
PHASE 2 · MODULE 6: Active Directory Attack Techniques (Ch 126–150)
126. Kerberoasting
127. AS-REP Roasting
128. Password Spraying
129. Pass-the-Hash
130. Pass-the-Ticket
131. Overpass-the-Hash
132. Token Impersonation
133. DCSync Attacks
134. Golden Tickets
135. Silver Tickets
136. Unconstrained Delegation
137. Constrained Delegation
138. RBCD Abuse
139. ACL Abuse
140. GPO Abuse
141. BloodHound Fundamentals
142. BloodHound Path Analysis
143. User → DA Paths
144. Persistence in AD
145. Cleanup
146. Detection Opportunities
147. IR Mapping
148. AD Case Study
149. Lessons Learned
150. Module 6 Capstone
PHASE 2 · MODULE 7: Lateral Movement & Pivoting (Ch 151–175)
151. Internal Network Segmentation
152. SMB Attacks
153. RDP Attacks
154. WinRM Abuse
155. PsExec & Alternatives
156. WMI Movement
157. Scheduled Tasks
158. Token Theft
159. Pivoting Concepts
160. SOCKS Proxies
161. Port Forwarding
162. Jump Hosts
163. Detection Trade-offs
164. OPSEC Failures
165. Blue Team Telemetry
166. Privilege Boundaries
167. Living-off-the-Land
168. Covert Channels
169. Cleanup
170. Case Study
171. MITRE Mapping
172. Risk Impact
173. Documentation
174. Reporting
175. Module 7 Lab
PHASE 2 · MODULE 8: Cloud Offensive Security (Ch 176–200)
176. Cloud Threat Model
177. Shared Responsibility
178. Identity-Centric Attacks
179. Azure AD Architecture
180. AWS IAM Architecture
181. IAM Misconfigurations
182. Credential Harvesting
183. Metadata Attacks
184. SSRF to Cloud
185. Storage Misconfigurations
186. Public Buckets
187. Privilege Escalation
188. Role Chaining
189. Federation Abuse
190. Cloud API Abuse
191. Cloud Logging
192. Hybrid Trust Attacks
193. Cloud Persistence
194. Cloud OPSEC
195. Detection
196. IR View
197. Cloud Case Study
198. Business Impact
199. Reporting
200. Module 8 Lab
PHASE 2 · MODULE 9: Hybrid AD–Cloud Attack Chains (Ch 201–225)
201. Hybrid Identity Architecture
202. AD Connect & Sync Risks
203. Password Hash Sync Abuse
204. Federation Token Abuse
205. Compromising Cloud from On-Prem
206. Compromising On-Prem from Cloud
207. Identity Bridging Attacks
208. Conditional Access Bypass
209. MFA Fatigue Attacks
210. Privileged Identity Management Abuse
211. Shadow Admins
212. Service Principal Abuse
213. API Permission Escalation
214. Tenant-Wide Persistence
215. Hybrid Detection Failures
216. OPSEC in Hybrid Attacks
217. Incident Response Challenges
218. Business Impact Modeling
219. Reporting Hybrid Risks
220. Executive Findings
221. Hybrid Breach Case Study
222. Lessons Learned
223. Defensive Recommendations
224. MITRE ATT&CK Mapping
225. Module 9 Capstone
PHASE 2 · MODULE 10: Enterprise Red Team Campaign (Ch 226–250)
226. Campaign Planning
227. Initial Access Strategy
228. Infrastructure Setup
229. Attack Chain Design
230. OPSEC & Detection Avoidance
231. Domain Compromise Strategy
232. Cloud Expansion Strategy
233. Persistence Planning
234. Data Objectives
235. Business Impact Targeting
236. Time-on-Target
237. Blue Team Interaction
238. Logging Gaps Exploitation
239. Evidence Collection
240. Executive Risk Framing
241. Writing Red Team Reports
242. Technical vs Executive Reporting
243. Debrief Sessions
244. Lessons Learned
245. Ethical & Legal Closure
246. Cleanup & Restoration
247. Metrics for Success
248. Career Readiness
249. Interview Preparation
250. Phase 2 Capstone
PHASE 3 · MODULE 11: Command & Control (C2) Fundamentals (Ch 251–275)
251. Why C2 Exists Beyond Reverse Shells
252. C2 Architecture Models
253. Beaconing vs Interactive Control
254. Payload vs Transport Separation
255. C2 Traffic Characteristics
256. DNS-based C2 Concepts
257. HTTP(S)-based C2 Concepts
258. Cloud-hosted C2 Trade-offs
259. Domain Fronting (Conceptual)
260. Redirectors & Infrastructure Layering
261. Kill Switches & Safety Controls
262. C2 OPSEC Failures
263. Defender Detection Logic
264. C2 Logging & Telemetry
265. Beacon Timing & Jitter
266. Payload Size & Memory Footprint
267. Credential Hygiene in C2
268. C2 vs Firewall & Proxy Controls
269. Resilience & Failover
270. C2 Lifecycle Management
271. Evidence & Attribution Risk
272. Reporting C2 Findings
273. Red Team Ethics & Guardrails
274. Case Study: C2 Burned
275. Module 11 Lab
PHASE 3 · MODULE 12: Defense Evasion & Detection-Aware Ops (Ch 276–300)
276. What EDR Detects
277. Signature vs Behavioral Detection
278. Userland vs Kernel Visibility
279. Memory-based Detection
280. Living-off-the-Land Strategy
281. Native Windows Tool Abuse
282. PowerShell CLM
283. AMSI Concepts
284. Credential Access Detection
285. Command-line Telemetry
286. Parent–Child Process Chains
287. Process Injection Concepts
288. Obfuscation Trade-offs
289. Tool Noise vs Manual Actions
290. Blending with Admin Activity
291. Detection Fatigue
292. False Positive Risks
293. Blue Team Response Playbooks
294. Red Team Timing Strategy
295. OPSEC Failures
296. Evidence Suppression
297. Reporting Detection Gaps
298. MITRE Mapping
299. Case Study: EDR-Aware Ops
300. Module 12 Lab
PHASE 3 · MODULE 13: Persistence & Long-Dwell Access (Ch 301–325)
301. Persistence vs Resilience
302. Windows Persistence
303. Registry Persistence
304. Scheduled Tasks & Services
305. WMI Event Subscriptions
306. AD-based Persistence
307. Cloud Persistence Patterns
308. Credential-based Persistence
309. Token Lifetimes
310. Multi-layer Persistence
311. Persistence OPSEC Failures
312. Cleanup vs Dormancy
313. Detectability of Persistence
314. Defender Hunting
315. Persistence Risk Assessment
316. Ethical Boundaries
317. Kill Date & Auto-Removal
318. Reporting Persistence
319. Case Study: Long Dwell
320. Business Impact
321. Blue Team Recovery
322. Risk Acceptance
323. Executive Messaging
324. Lessons Learned
325. Module 13 Lab
PHASE 3 · MODULE 14: Adversary Emulation & Threat Actor Mapping (Ch 326–350)
326. What Adversary Emulation Means
327. Nation-State vs Criminal Tradecraft
328. MITRE ATT&CK in Practice
329. Threat Intelligence Sources
330. Building an Adversary Profile
331. Selecting TTPs Ethically
332. Emulating Initial Access
333. Emulating Lateral Movement
334. Emulating Persistence
335. Emulating Data Objectives
336. Kill Chain Replay Design
337. Purple Team Collaboration
338. Measuring Detection Coverage
339. Gap Identification
340. False Confidence Risks
341. Reporting Emulation Results
342. Executive Threat Narratives
343. Case Study: APT Simulation
344. Lessons from Real Breaches
345. Mapping Defensive Controls
346. Control Validation Metrics
347. Threat-Informed Defense
348. Continuous Improvement Cycles
349. Red Team Maturity Models
350. Module 14 Capstone
PHASE 3 · MODULE 15: Operational Planning, Risk & Legal Control (Ch 351–375)
351. Senior-Level Engagement Scoping
352. Legal Risk Management
353. Safe Payload Design
354. Incident Escalation Paths
355. Kill Switch Implementation
356. Data Handling & Privacy
357. Regulated Industry Constraints
358. Executive Sponsorship
359. Crisis Simulation Handling
360. When to Stop Operations
361. Ethics Review Boards
362. Internal vs External Red Teams
363. Insurance & Liability
364. Evidence Retention
365. Stakeholder Debriefs
366. Public Disclosure Risk
367. Trust Preservation
368. Reporting Failures Honestly
369. Post-Engagement Cleanup
370. Red Team Code of Conduct
371. Career Responsibility
372. Burnout & Cognitive Load
373. Lessons Learned Frameworks
374. Maturity Assessment
375. Module 15 Workshop
PHASE 3 · MODULE 16: Full Red Team Campaign & Board Outcomes (Ch 376–400)
376. Campaign Design from Threat Model
377. Objective-Based Targeting
378. Time-on-Target Strategy
379. Silent vs Loud Phases
380. Domain & Cloud Objectives
381. Data Sensitivity Targeting
382. Business Process Impact
383. Ransomware Simulation
384. Insider Threat Simulation
385. Detection Testing vs Bypass
386. Metrics That Matter to Boards
387. Translating TTPs to Risk
388. Executive Risk Storytelling
389. Board-Level Reporting
390. Heatmaps & Control Gaps
391. Budget Justification
392. Purple Team Outcomes
393. Organizational Learning
394. Security ROI Discussion
395. Closing the Loop
396. Ethical Closure
397. Career Readiness Review
398. Senior Interview Prep
399. Lessons from Elite Teams
400. Phase 3 Capstone
PHASE 4 · MODULE 17: Ethics, Boundaries & Non-Objectives (Ch 401–425)
401. What Zero-Day Exploits Are
402. Why Zero-Days Are High Risk
403. Legal Exposure of Zero-Days
404. Why Enterprises Don’t Need Zero-Days
405. Defensive Value vs Risk
406. Real Breaches Without Zero-Days
407. Red Team Alternatives
408. Reporting Zero-Day Exposure
409. Payloads vs Malware
410. Why Malware Isn’t Required
411. Malware vs Tradecraft
412. Detection Risk of Malware
413. Legal Classification of Malware
414. Safer Simulation Techniques
415. Living-off-the-Land Value
416. Defender Signal Quality
417. Criminal Monetization Defined
418. Why Monetization ≠ Red Teaming
419. Legal Consequences
420. Ransomware Simulation
421. Ethical Red Lines
422. Business Impact Without Harm
423. Executive-Safe Modeling
424. Responsible Disclosure
425. Phase 4 Workshop
PHASE 5 · MODULE 18: Purple Team Engineering & Control Validation (Ch 426–450)
426. Red vs Purple Boundaries
427. Compromise vs Improvement
428. Detection Engineering Concepts
429. Control Validation
430. TTP → Detection Mapping
431. ATT&CK Coverage Metrics
432. Signal-to-Noise Trade-offs
433. Detection vs Control Gaps
434. Purple Team Exercise Design
435. SOC Collaboration
436. Safe Attack Replay
437. Detection Drift
438. False Confidence
439. Measuring Improvement
440. Purple Team Tooling
441. Data Sharing Models
442. Governance of Purple Teaming
443. Regulated Constraints
444. Executive Communication
445. Purple Team KPIs
446. Lessons Learned
447. Culture Alignment
448. Detection Uplift Case Study
449. Org Change Enablement
450. Module 18 Workshop
PHASE 5 · MODULE 19: Red Team Metrics & Business Value (Ch 451–475)
451. Why Metrics Fail
452. Time-to-Detection
453. Time-to-Response
454. Control Effectiveness
455. Attack Surface Metrics
456. Detection Reliability
457. Lateral Movement Resistance
458. Identity Control Strength
459. Cloud Control Metrics
460. SOC Performance
461. Risk-Based Scoring
462. Business Risk Translation
463. Executive Heatmaps
464. Board Narratives
465. ROI of Red Teaming
466. Diminishing Returns
467. Avoiding Metric Gaming
468. Benchmarking
469. Communicating Bad News
470. Regulated Metrics
471. Metrics Failure Case
472. Metrics Success Case
473. Continuous Measurement
474. Reporting Cadence
475. Module 19 Capstone
PHASE 5 · MODULE 20: Red Team Program Design & Maturity (Ch 476–500)
476. Pentest vs Red vs Purple
477. Internal vs External Teams
478. Hybrid Models
479. Operating Models
480. Talent Profiles
481. Hiring Senior Talent
482. Skill Progression
483. Burnout Management
484. Tooling Standardization
485. Knowledge Retention
486. Engagement Fatigue
487. Legal Governance
488. Crisis Escalation
489. Data Handling
490. Trust Preservation
491. Stakeholder Management
492. Budget Justification
493. Vendor Red Teams
494. Maturity Models
495. Scaling Programs
496. Global Constraints
497. Ethics Boards
498. Program Health Indicators
499. Executive Reporting
500. Phase 5 Capstone

Self-Paced

On-demand access

Contact

Full 500-chapter course, videos, PDFs and community access.

Pro — Enterprise Pack

Instructor-led + Templates

Contact

Includes instructor sessions, corporate licensing and tailored templates.

Enterprise Cohorts

Customized cohorts

Contact Sales

Custom delivery, labs, datasets and integrations.

Instructors & Credibility

Instructor

Course Authors & Red Team Practitioners

Security practitioners with hands-on experience in offensive security, enterprise penetration testing, Active Directory & cloud attack paths, detection-aware Red Team operations, and adversary emulation in regulated environments.

Includes: Hands-on labs, attack walkthroughs, enterprise-style runbooks, detection-aware simulations, reporting templates, and Red Team playbooks.

Get Started

Enroll or request a cohort. We’ll provide access to curriculum, lab environments, datasets, and enterprise-grade project briefs.