For authorized security testing and education only. Always obtain proper written authorization before testing.
| Section | Description | Skill Level |
|---|---|---|
| Learning Path | Your journey from beginner to expert | All Levels |
| Chapter 1: Flipper Zero | BadUSB fundamentals and payloads | Beginner → Expert |
| Chapter 2: WiFi Pineapple | Wireless attack platform | Beginner → Expert |
| Chapter 3: Technical Reference | Protocols, hardware, tools | Intermediate → Expert |
| Chapter 4: Security Operations | Red Team & Blue Team training | Intermediate → Expert |
| Chapter 5: Skill Levels | Hands-on practice by level | All Levels |
| Payloads Library | Ready-to-use payload collection | All Levels |
This repository is designed as a progressive learning system. Follow the path below based on your current skill level:
┌─────────────────────────────────────────────────────────────────────────────┐
│ YOUR LEARNING JOURNEY │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ BASIC │──▶│INTERMEDIATE │──▶│ ADVANCED │──▶│ EXPERT │ │
│ │ (Week 1-2) │ │ (Week 3-4) │ │ (Week 5-6) │ │ (Week 7+) │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ • Hello World • System Recon • AMSI Bypass • Custom C2 │
│ • Basic Keys • Persistence • UAC Bypass • Full Chains │
│ • Simple Delays • WiFi Extract • Reverse Shells • Evasion Dev │
│ • First Payload • Network Scan • Anti-Forensics • Tool Creation │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Before you begin, you should have:
- Basic understanding of the command line (Windows CMD or Linux terminal)
- A Flipper Zero device OR WiFi Pineapple Pager (or virtual lab)
- Text editor for writing scripts
- Test environment (VM recommended)
Goal: Understand what DuckyScript and Bash are, write your first payloads
| Day | Topic | Link | Practice |
|---|---|---|---|
| 1 | What is BadUSB? | Chapter 1.1 | Read & understand |
| 2 | DuckyScript basics | Basic Ducky | Hello World |
| 3 | Bash scripting intro | Basic Bash | First script |
| 4 | Your first payload | FZ-B01 | Copy & test |
| 5 | System commands | FZ-B04 | Modify & test |
| 6-7 | Basic challenges | Challenges | Complete all |
Checkpoint: Can you write a payload that opens Notepad and types your name?
Goal: Extract information, establish basic persistence, understand detection
| Day | Topic | Link | Practice |
|---|---|---|---|
| 8 | WiFi extraction | FZ-I02 | Test in lab |
| 9 | Network recon | FZ-I03 | Document findings |
| 10 | Persistence basics | FZ-I08 | Understand mechanisms |
| 11 | WiFi Pineapple intro | PP Fundamentals | Setup device |
| 12 | Detection basics | Blue Team | Learn to detect |
| 13-14 | Intermediate challenges | Challenges | Complete all |
Checkpoint: Can you extract WiFi passwords AND detect if someone did this to your system?
Goal: Bypass security controls, understand evasion, implement countermeasures
| Day | Topic | Link | Practice |
|---|---|---|---|
| 15 | AMSI bypass | FZ-A03 | Understand why |
| 16 | UAC bypass | FZ-A04 | Test & detect |
| 17 | Reverse shells | FZ-A02 | Lab only! |
| 18 | EDR evasion | EDR Guide | Both sides |
| 19 | Evil Twin attacks | PP-A01 | Authorized only |
| 20-21 | Advanced challenges | Challenges | Complete all |
Checkpoint: Can you bypass AMSI AND write a detection rule for your bypass?
Goal: Create complete attack chains, develop custom tools, lead security assessments
| Topic | Link | Mastery Goal |
|---|---|---|
| Complete attack chains | FZ-A09 | Understand full lifecycle |
| Anti-forensics | FZ-A10 | Know what to look for |
| Persistence framework | FZ-E01 | Multiple mechanisms |
| Botnet understanding | Botnet Guide | C2 operations |
| Incident response | IR Guide | Lead IR efforts |
| Expert challenges | Challenges | Create your own |
Checkpoint: Can you design a full red team engagement AND the blue team response?
Ducky_Bash/
├── README.md # You are here - Learning guide
├── Payloads/ # Ready-to-use payload files
│ ├── Flipper_Zero/
│ │ ├── Basic/ # Beginner payloads
│ │ ├── Intermediate/ # Growing complexity
│ │ ├── Advanced/ # Security bypasses
│ │ └── Expert/ # Full attack chains
│ └── WiFi_Pineapple/
│ ├── Basic/ # Simple alerts & scans
│ ├── Intermediate/ # Logging & tracking
│ ├── Advanced/ # Evil twin, captive portal
│ └── Expert/ # Full spectrum audits
│
├── Chapter_01_Flipper_Zero_BadUSB/ # VOLUME 1
│ ├── 01_Fundamentals/ # Core concepts
│ ├── 02_Basic_Scripts/ # FZ-B01 through FZ-B15
│ ├── 03_Intermediate_Scripts/ # FZ-I01 through FZ-I15
│ ├── 04_Advanced_Scripts/ # FZ-A01 through FZ-A10
│ ├── 05_Expert_Scripts/ # FZ-E01 through FZ-E05
│ ├── 06_Deployment_Strategies/ # Physical access tactics
│ ├── 07_Development_Creation/ # Building payloads
│ ├── 08_Red_Team_Tactics/ # Offensive operations
│ └── 09_Blue_Team_Countermeasures/ # Detection & prevention
│
├── Chapter_02_WiFi_Pineapple_Pager/ # VOLUME 2
│ ├── 01_Fundamentals/ # Device overview
│ ├── 02_Basic_Payloads/ # PP-B01 through PP-B10
│ ├── 03_Intermediate_Payloads/ # PP-I01 through PP-I10
│ ├── 04_Advanced_Payloads/ # PP-A01 through PP-A05
│ ├── 05_Red_Team_Tactics/ # Wireless attacks
│ └── 06_Blue_Team_Countermeasures/ # Rogue AP detection
│
├── Chapter_03_Technical_Addendum/ # VOLUME 3
│ ├── 01_Hardware_Deep_Dive/ # Device specifications
│ ├── 02_Firmware_Ecosystem/ # Custom firmware
│ ├── 03_Protocol_Reference/ # 802.11, WPA, EAPOL
│ ├── 04_USB_VID_PID_Database/ # Device identification
│ ├── 05_Keyboard_Layouts/ # International support
│ ├── 06_MITRE_ATT_CK_Mapping/ # Framework alignment
│ ├── 07_Cracking_Reference/ # Hashcat, aircrack-ng
│ ├── 08_Lab_Environment/ # Setup guide
│ ├── 09_Tool_Integration/ # Metasploit, Cobalt Strike
│ ├── 10_Defensive_Signatures/ # Detection rules
│ └── 11_Legal_Compliance/ # Authorization templates
│
├── Chapter_04_Security_Operations/ # VOLUME 4
│ ├── 01_Blue_Team_Fundamentals/ # Defense in depth
│ ├── 02_Security_Monitoring_SIEM/ # Log analysis
│ ├── 03_EDR/ # Endpoint detection
│ ├── 04_Network_Monitoring_IDS_IPS/ # Traffic analysis
│ ├── 05_Botnet_Understanding/ # C2 operations
│ ├── 06_Security_Hardening/ # System lockdown
│ ├── 07_Incident_Response/ # IR procedures
│ └── 08_Threat_Intelligence/ # IOCs and hunting
│
└── Chapter_05_Skill_Levels/ # HANDS-ON TRAINING
  ├── 01_Basic/
  │ ├── Ducky/ # DuckyScript lessons
  │ ├── Bash/ # Bash scripting lessons
  │ ├── Challenges/ # Test your skills
  │ └── Practice/ # Guided exercises
  ├── 02_Intermediate/
  │ ├── Ducky/
  │ ├── Bash/
  │ ├── Challenges/
  │ └── Practice/
  ├── 03_Advanced/
  │ ├── Ducky/
  │ ├── Bash/
  │ ├── Challenges/
  │ └── Practice/
  └── 04_Expert/
    ├── Ducky/
    ├── Bash/
    ├── Challenges/
    └── Practice/
The Flipper Zero is a portable multi-tool for pentesters and geeks. Its BadUSB functionality allows it to emulate a USB keyboard and execute pre-written scripts.
- DuckyScript syntax and commands
- Payload development workflow
- Evasion techniques
- Detection and prevention
| Section | Description | Files |
|---|---|---|
| 01_Fundamentals | Core concepts, command reference | Introduction, Commands |
| 02_Basic_Scripts | Hello World to WiFi display | FZ-B01 → FZ-B15 |
| 03_Intermediate_Scripts | Recon, extraction, persistence | FZ-I01 → FZ-I15 |
| 04_Advanced_Scripts | Bypasses, shells, attack chains | FZ-A01 → FZ-A10 |
| 05_Expert_Scripts | Full frameworks, engagement payloads | FZ-E01 → FZ-E05 |
| 08_Red_Team_Tactics | Offensive operations guide | MITRE mapping |
| 09_Blue_Team_Countermeasures | Detection and prevention | Sigma rules, scripts |
The WiFi Pineapple Pager is a compact wireless auditing platform for capturing handshakes, deploying rogue APs, and monitoring wireless networks.
- Bash scripting for wireless attacks
- Handshake capture and cracking
- Evil twin deployments
- Wireless IDS/IPS
| Section | Description | Files |
|---|---|---|
| 01_Fundamentals | Device overview, payload system | Introduction |
| 02_Basic_Payloads | Alerts, scans, status checks | PP-B01 → PP-B10 |
| 03_Intermediate_Payloads | Logging, tracking, recon | PP-I01 → PP-I10 |
| 04_Advanced_Payloads | Evil twin, PMKID, full audits | PP-A01 → PP-A05 |
| 05_Red_Team_Tactics | Wireless attack operations | Deployment guide |
| 06_Blue_Team_Countermeasures | Rogue AP detection | WIDS setup |
Deep technical reference for hardware, protocols, and tool integration.
- Hardware specifications and internals
- Protocol details (802.11, WPA, EAPOL)
- Tool integration (Metasploit, Cobalt Strike)
- Detection signatures
Complete Red Team and Blue Team training for security professionals.
- SOC operations and SIEM
- EDR and its evasion
- Network monitoring
- Incident response
- Threat intelligence
Hands-on learning with side-by-side DuckyScript and Bash comparisons.
Each skill level contains:
- Ducky/ - DuckyScript-specific lessons
- Bash/ - Bash scripting lessons
- Challenges/ - Test your knowledge
- Practice/ - Guided hands-on exercises
Every concept is taught in both languages:
┌──────────────────────────────┬──────────────────────────────┐
│ DUCKYSCRIPT │ BASH │
├──────────────────────────────┼──────────────────────────────┤
│ REM This is a comment │ # This is a comment │
│ DELAY 1000 │ sleep 1 │
│ STRING Hello World │ echo "Hello World" │
│ ENTER │ # (implicit in script) │
│ GUI r │ xdotool key super+r │
└──────────────────────────────┴──────────────────────────────┘
Ready-to-use payloads organized by device and skill level.
| Level | Count | Description |
|---|---|---|
| Basic | 15 | Hello World, system info, pranks |
| Intermediate | 15 | Recon, extraction, persistence |
| Advanced | 10 | Bypasses, shells, attack chains |
| Expert | 5 | Full engagement frameworks |
| Level | Count | Description |
|---|---|---|
| Basic | 10 | Alerts, scans, status |
| Intermediate | 10 | Logging, tracking, probes |
| Advanced | 5 | Evil twin, PMKID, audits |
| Expert | 5 | Full spectrum operations |
Every payload/technique lesson follows this format:
┌─────────────────────────────────────────────────────────────────────────────┐
│ LESSON STRUCTURE │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ 1. OVERVIEW │
│ • What this payload/technique does │
│ • Difficulty level and prerequisites │
│ • MITRE ATT&CK mapping │
│ │
│ 2. THE CODE │
│ • Complete, commented payload │
│ • Line-by-line explanation │
│ │
│ 3. HOW IT WORKS │
│ • Technical deep-dive │
│ • Why each component is necessary │
│ • Common variations │
│ │
│ 4. RED TEAM PERSPECTIVE │
│ • How attackers use this │
│ • Evasion techniques │
│ • Real-world scenarios │
│ │
│ 5. BLUE TEAM PERSPECTIVE │
│ • How to detect this │
│ • Prevention measures │
│ • Detection scripts/rules │
│ │
│ 6. PRACTICE EXERCISES │
│ • Modify the payload │
│ • Write detection rules │
│ • Challenge questions │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Want to add payloads or improve documentation?
- Fork the repository
- Create a feature branch
- Follow the lesson structure above
- Include both Red Team and Blue Team perspectives
- Submit a pull request
This repository is for authorized security testing and educational purposes only.
- Always obtain written authorization before testing
- Never use these techniques against systems you don't own or have permission to test
- Understand and comply with local laws and regulations
- The authors are not responsible for misuse
| Version | Date | Changes |
|---|---|---|
| 1.0 | December 2025 | Initial release with complete training structure |
Happy Learning! Start with Basic Level if you're new.