RTFM: Red Team Field Manual
The Red Team Field Manual (RTFM) is a no-fluff but thorough reference guide for serious Red Team members who routinely find themselves on a mission without Google or the time to scan through a man page. The RTFM contains the basic syntax for commonly used Linux and Windows command-line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell. The RTFM will repeatedly save you time looking up hard-to-remember Windows nuances such as the wmic and dsquery command-line tools, key registry values, scheduled task syntax, startup locations and Windows scripting. More importantly, it should teach you some new red team techniques.
About the Author
Ben Clark is a prominent figure in the cybersecurity field, known for his expertise in red team operations and his authorship of influential technical manuals. He currently serves as the Chief Technology Officer at Millennium Corporation, a position he has held since June 2020. With over 15 years of experience in information security, he has played a crucial role in leading and executing highly technical services.
Ben Clark's inspiration for writing the Red Team Field Manual (RTFM) came from his extensive experience in the field of cybersecurity and red team operations. The RTFM was born out of operator field notes inspired by years of Red Team missions.
Clark recognized a common challenge faced by red team operators: the need for quick, reliable information in time-sensitive situations. As he observed, operators frequently found themselves in familiar operating environments with limited time to search for specific commands or techniques. This practical need led to the creation of the RTFM as a concise, readily accessible resource.