Posts

Variables and loops are fine, but can you craft a custom TCP packet or inject shellcode? This guide accelerates past the basics into Python’s offensive applications.

The Millennium Bug was the largest successful preventative engineering project in human history. This deep-dive examines the technical debt, the fixes, and the lessons for modern Red Teams.

To defeat the EDR, you must think like the EDR. This guide introduces malware analysis concepts specifically for Red Team operators to self-audit payloads and improve stealth.

Moving beyond rockyou.txt: Building dedicated cracking infrastructure, optimizing Hashcat for enterprise targets, and generating custom targeted wordlists.

A comprehensive guide to PowerSploit, the powerful PowerShell framework for offensive security operations, covering all modules, real-world attack scenarios, detection evasion techniques, and integration with modern red team workflows.

A comprehensive guide to advanced phishing evasion techniques for Red Team engagements. Learn infrastructure masking, cloaking, HTML smuggling, and how to bypass automated analysis and Secure Email Gateways.

A comprehensive deep-dive into Ruby on Rails from a security professional’s perspective. Learn the “convention over configuration” philosophy, master strong parameters to prevent mass assignment, and discover how to find and exploit deserialization vulnerabilities, insecure routes, and hidden secrets in Rails applications.

A massive, comprehensive deep-dive into the history and evolution of Netscape Navigator. From its roots in Mosaic and the “Mother of all Demos” influence to the 1995 SSL RNG hack and the birth of the Mozilla project, we explore the tech that defined the early web.

A comprehensive deep-dive into buffer overflow vulnerabilities. Learn the mechanics of stack frames, master the art of Return-Oriented Programming (ROP), discover how to bypass modern memory protections like ASLR/DEP, and write your first stack-based exploit.

A deep-dive into the core concepts, frameworks, and operational strategies of modern red teaming. Learn the critical difference between pen testing and adversary emulation, master the Unified Kill Chain, build resilient C2 infrastructure (redirectors, domain fronting), and understand the art of Purple Teaming.

A working operator’s guide to Metasploit. Covers the module taxonomy, why you actually want the database initialized, staged vs non-staged payloads and when each one matters, Meterpreter’s load-bearing extensions (stdapi, kiwi, incognito, priv), pivoting (autoroute, portfwd, SOCKS), and resource scripts for the listener setup you’d otherwise type a hundred times an engagement.

A working guide to social engineering for red team engagements. Covers Cialdini’s six principles of persuasion as they’re actually used in pretexting, OSINT for building a credible story, Adversary-in-the-Middle phishing against MFA-protected accounts, MFA fatigue, vishing, physical entry, and how to write findings up without throwing individual employees under the bus.

A guide to using Nim for offensive tooling. Covers language fundamentals, the winim WinAPI bindings, compile-time string obfuscation with macros, direct syscall stubs, the offensive Nim ecosystem (OffensiveNim, NimlineWhispers, Nim-RunPE, NimPackt, Nimcrypt2), and an honest take on what edge Nim actually still gives you against modern EDR.

A long look at Unix from its 1960s origins through commercial AT&T System V, the BSD lineage, Linux, the modern Unix-derived stack underneath everything from macOS to cloud containers, and the security debt that comes with a 1970s permission model still running in 2026.

PE/ELF/Mach-O structure, x86/x64 assembly, disassembly versus decompilation, dynamic analysis with debuggers and Frida, and the anti-RE tricks you’ll meet on the way.

Past nmap -sC -sV — TCP/IP behavior that shapes scan results, NSE for real enumeration, IDS-aware timing, packet-level evasion, and where RustScan and Masscan are actually faster.

Manual UNION-based exfiltration, error-based and blind SQLi, WAF evasion, out-of-band data theft over DNS and HTTP, second-order injection, and the sqlmap flags that matter on real engagements.

A comprehensive deep-dive into the Rust programming language for offensive security. Learn the core concepts of ownership and borrowing, master idiomatic error handling, build a multi-threaded port scanner, and discover how to use “Unsafe Rust” for shellcode injection and high-performance exploit development.

A comprehensive deep-dive into the history and evolution of the computer mouse. From Douglas Engelbart’s wooden prototype to modern laser sensors and wireless HID attacks, we explore the tech that changed how we interact with machines - and the security implications of implicit peripheral trust.

A deep-dive into XSS from an offensive perspective. Beyond alert(1) — cookie theft, weaponized BeEF hooks, blind XSS, and bypassing modern WAFs and CSPs.

An introduction to penetration testing for people getting into the field. The differences between VA, PT, and red teaming; PTES as a workflow; what actually goes into a good report; and the legal lines you can’t cross.

A guide for red team operators coming from Linux. Where Darwin differs from Linux at the userland and kernel level, how SIP and TCC change what root means, how to live off the land with JXA and AppleScript, and how to persist with launchd.

A deep-dive into PsExec for offensive work. How it works under the hood, how to leverage pass-the-hash with Impacket, service-name evasion, and the forensic footprint it leaves so you know when to reach for it and when to reach for something else.

A deep-dive into sc.exe for offensive work. Weaponize the Windows Service Control Manager for remote code execution, persist via service failure actions, exploit weak service ACLs, and load kernel drivers.

A deep-dive into Wmic for offensive work. Interrogate system internals, move laterally, find security software, abuse XSL transforms for code execution, and understand the forensic footprint WMI leaves behind.

A deep-dive into microcode. How it works, why updates aren’t persistent, where the cryptography is (and isn’t) bulletproof, and why microarchitectural attacks like Downfall and Zenbleed keep happening.

A guide to Active Directory reconnaissance with built-in tooling. Discover privileged accounts, identify service accounts, spot unconstrained delegation, and operate when RSAT isn’t installed.

A comprehensive deep-dive into advanced Windows command-line tools. Learn how to leverage modern binaries like curl and tar, abuse legacy tools for download and execution, and perform stealthy data theft and persistence without triggering alerts.

A specialized guide for Red Team operators on exfiltrating and migrating data from a target MySQL database to a local PostgreSQL instance. Learn how to use Docker for rapid infrastructure deployment, pgloader for automated schema conversion, and handle both live network migrations and offline dump analysis.

A practical walkthrough of Chisel for tunneling — reverse SOCKS, port forwarding, TLS hardening with a real cert, source-level evasion tweaks, and how it compares to Ligolo-ng.

How Pass-the-Hash actually works against RDP — what makes it normally fail, why Restricted Admin Mode flips that around, the correct xfreerdp syntax, RDP-over-SOCKS tuning, and the Logon Type 3 anomaly that gives the technique away.

A working guide to network tunneling for offensive ops — iptables NAT, every flavor of SSH forwarding (including reverse SOCKS and ProxyJump), Windows netsh portproxy, socat, and the modern compiled tools that have largely replaced everything else (Chisel and Ligolo-ng).

A red team walkthrough of Impacket’s mssqlclient.py — discovery, every common auth method, RCE via xp_cmdshell / OLE Automation / CLR, hash capture via xp_dirtree, linked-server hops, file transfer over TDS, and finding the data that actually matters.

A walkthrough of Impacket’s SMB tooling for offensive work — smbclient.py, smbserver.py, secretsdump.py, and ntlmrelayx.py. Covers Pass-the-Hash, hash capture via UNC paths, DCSync, and cross-protocol NTLM relay.

A long walkthrough of smbclient for offensive work — SMB dialects, enumeration, bulk exfiltration, Pass-the-Ticket via Kerberos, opsec around credentials, and what the blue team sees when you connect.

A guide to SSH multiplexing and master control sockets for red team work. Covers running concurrent sessions over a single TCP connection, reducing connection churn, and the risks of socket hijacking.

A long-form Ruby walkthrough for security folks. Covers syntax, the object model, blocks and metaprogramming, networking, FFI, and writing Metasploit modules.

Master the art of flight without leaving a footprint. A comprehensive guide to disabling shell history, managing operational hygiene, and understanding the forensic limit of these techniques across Bash, Zsh, Fish, and PowerShell on Linux.

This article explores how Red Team members can use alternate data streams on Windows NTFS to hide data, with specific examples and cautionary considerations.

A comprehensive guide to mastering port scanning on both Linux and Windows, covering standard tools like Nmap, stealthy built-in techniques, and modern PowerShell-based enumeration.

A comprehensive guide to installing and mastering Impacket, covering installation via pipx, deep dives into core tools, and advanced authentication attacks.

Comprehensive guide to Bash scripting fundamentals with security best practices, modern techniques, and ethical penetration testing examples for red team professionals.

The rise and fall of CP/M, a pioneering operating system, highlights the importance of innovation, standardization, and security in computing history.

Master Linux enumeration with best practices, techniques, and tools to gather system info, identify vulnerabilities, and exploit attack vectors.