A working tour of the Python that matters on offensive engagements. Raw sockets, binary parsing with struct, ctypes for Win32 calls and shellcode loaders, Scapy for packet crafting, and the current state of the libraries every operator ends up writing on top of (Impacket, NetExec, pwntools, mitm6).
A look back at the Millennium Bug as the largest successful preventative engineering project in computing history. Why the two-digit year was an economic decision rather than laziness, how the fixes actually worked (date expansion, windowing, bridging), what really did break at midnight on January 1 2000, and what the same pattern looks like for the 2038 Unix time_t overflow that’s coming for embedded Linux next.
A working primer on static and dynamic PE analysis from the operator’s seat. What an EDR actually sees when your payload lands on disk, why your IAT and entropy and PDB paths are doing most of the talking, and a self-audit loop that catches the obvious tells before the payload ever touches a customer machine.
A working operator’s view of password cracking past rockyou.txt. Building a dedicated GPU rig (and when to burst to cloud), tuning Hashcat for fast and slow hash types, generating context-specific wordlists with CeWL and PRINCE, and writing rules that target how humans actually compose passwords inside an enterprise.
A walk through the modern phishing campaign architecture from an operator’s seat. Domain warming, redirector tiers, ASN and geo cloaking, CAPTCHA gates to defeat sandbox click-time URL scanning, HTML smuggling via the Blob API, SVG smuggling, and homograph tricks. Plus the current state of the arms race in 2026 with AiTM kits like Tycoon and EvilProxy, and what defenders should actually focus on.
A Rails primer for operators who need to assess or exploit a Rails application. Covers the MVC layout that tells you where the bugs live, strong parameters and the permit! footgun, what SECRET_KEY_BASE actually gives you on modern Rails versus the classic Marshal RCE chain on Rails 3, the raw/html_safe XSS surface, IDOR patterns, and the static-analysis tools (Brakeman, bundler-audit) that should be your first pass.
How Netscape Navigator went from 80% market share to bankruptcy in roughly twelve years, the technologies it left behind (SSL, JavaScript, cookies, the same-origin policy), the 1995 Goldberg–Wagner RNG break that ended “the algorithm is strong” as a defense, Microsoft’s antitrust-defining “cut off air supply” campaign, and what survives of Netscape in the modern browser stack a working operator interacts with every day.
How a stack-based buffer overflow actually corrupts a stack frame, what the classic mitigations (ASLR, DEP/NX, stack canaries) do and how each gets bypassed, why modern Windows and Linux added more layers (CFG, CET shadow stacks, PIE, PAC), and the development workflow for writing a first exploit against an unhardened target. Aimed at operators who’ve used Metasploit but never written an exploit from scratch.
A working operator’s view of red teaming versus pen testing, the Unified Kill Chain as a practical mental model rather than a theoretical framework, how modern C2 infrastructure is actually built (and why domain fronting isn’t the answer anymore), purple teaming as collaborative tuning, deconfliction with the white cell, and the operator-side OPSEC habits that decide whether you finish the engagement quietly.
A working operator’s guide to Metasploit. Covers the module taxonomy, why you actually want the database initialized, staged vs non-staged payloads and when each one matters, Meterpreter’s load-bearing extensions (stdapi, kiwi, incognito, priv), pivoting (autoroute, portfwd, SOCKS), and resource scripts for the listener setup you’d otherwise type a hundred times an engagement.
A working guide to social engineering for red team engagements. Covers Cialdini’s six principles of persuasion as they’re actually used in pretexting, OSINT for building a credible story, Adversary-in-the-Middle phishing against MFA-protected accounts, MFA fatigue, vishing, physical entry, and how to write findings up without throwing individual employees under the bus.
A guide to using Nim for offensive tooling. Covers language fundamentals, the winim WinAPI bindings, compile-time string obfuscation with macros, direct syscall stubs, the offensive Nim ecosystem (OffensiveNim, NimlineWhispers, Nim-RunPE, NimPackt, Nimcrypt2), and an honest take on what edge Nim actually still gives you against modern EDR.
A long look at Unix from its 1960s origins through commercial AT&T System V, the BSD lineage, Linux, the modern Unix-derived stack underneath everything from macOS to cloud containers, and the security debt that comes with a 1970s permission model still running in 2026.
PE/ELF/Mach-O structure, x86/x64 assembly, disassembly versus decompilation, dynamic analysis with debuggers and Frida, and the anti-RE tricks you’ll meet on the way.
Past nmap -sC -sV — TCP/IP behavior that shapes scan results, NSE for real enumeration, IDS-aware timing, packet-level evasion, and where RustScan and Masscan are actually faster.
Manual UNION-based exfiltration, error-based and blind SQLi, WAF evasion, out-of-band data theft over DNS and HTTP, second-order injection, and the sqlmap flags that matter on real engagements.
A comprehensive deep-dive into the Rust programming language for offensive security. Learn the core concepts of ownership and borrowing, master idiomatic error handling, build a multi-threaded port scanner, and discover how to use “Unsafe Rust” for shellcode injection and high-performance exploit development.
A comprehensive deep-dive into the history and evolution of the computer mouse. From Douglas Engelbart’s wooden prototype to modern laser sensors and wireless HID attacks, we explore the tech that changed how we interact with machines - and the security implications of implicit peripheral trust.
A deep-dive into XSS from an offensive perspective. Beyond alert(1) — cookie theft, weaponized BeEF hooks, blind XSS, and bypassing modern WAFs and CSPs.
An introduction to penetration testing for people getting into the field. The differences between VA, PT, and red teaming; PTES as a workflow; what actually goes into a good report; and the legal lines you can’t cross.
A guide for red team operators coming from Linux. Where Darwin differs from Linux at the userland and kernel level, how SIP and TCC change what root means, how to live off the land with JXA and AppleScript, and how to persist with launchd.
A deep-dive into PsExec for offensive work. How it works under the hood, how to leverage pass-the-hash with Impacket, service-name evasion, and the forensic footprint it leaves so you know when to reach for it and when to reach for something else.
A deep-dive into sc.exe for offensive work. Weaponize the Windows Service Control Manager for remote code execution, persist via service failure actions, exploit weak service ACLs, and load kernel drivers.
A deep-dive into Wmic for offensive work. Interrogate system internals, move laterally, find security software, abuse XSL transforms for code execution, and understand the forensic footprint WMI leaves behind.
A deep-dive into microcode. How it works, why updates aren’t persistent, where the cryptography is (and isn’t) bulletproof, and why microarchitectural attacks like Downfall and Zenbleed keep happening.
A guide to Active Directory reconnaissance with built-in tooling. Discover privileged accounts, identify service accounts, spot unconstrained delegation, and operate when RSAT isn’t installed.
A comprehensive deep-dive into advanced Windows command-line tools. Learn how to leverage modern binaries like curl and tar, abuse legacy tools for download and execution, and perform stealthy data theft and persistence without triggering alerts.
A specialized guide for Red Team operators on exfiltrating and migrating data from a target MySQL database to a local PostgreSQL instance. Learn how to use Docker for rapid infrastructure deployment, pgloader for automated schema conversion, and handle both live network migrations and offline dump analysis.
A practical walkthrough of Chisel for tunneling — reverse SOCKS, port forwarding, TLS hardening with a real cert, source-level evasion tweaks, and how it compares to Ligolo-ng.
How Pass-the-Hash actually works against RDP — what makes it normally fail, why Restricted Admin Mode flips that around, the correct xfreerdp syntax, RDP-over-SOCKS tuning, and the Logon Type 3 anomaly that gives the technique away.
A working guide to network tunneling for offensive ops — iptables NAT, every flavor of SSH forwarding (including reverse SOCKS and ProxyJump), Windows netsh portproxy, socat, and the modern compiled tools that have largely replaced everything else (Chisel and Ligolo-ng).
A red team walkthrough of Impacket’s mssqlclient.py — discovery, every common auth method, RCE via xp_cmdshell / OLE Automation / CLR, hash capture via xp_dirtree, linked-server hops, file transfer over TDS, and finding the data that actually matters.
A walkthrough of Impacket’s SMB tooling for offensive work — smbclient.py, smbserver.py, secretsdump.py, and ntlmrelayx.py. Covers Pass-the-Hash, hash capture via UNC paths, DCSync, and cross-protocol NTLM relay.
A long walkthrough of smbclient for offensive work — SMB dialects, enumeration, bulk exfiltration, Pass-the-Ticket via Kerberos, opsec around credentials, and what the blue team sees when you connect.
A guide to SSH multiplexing and master control sockets for red team work. Covers running concurrent sessions over a single TCP connection, reducing connection churn, and the risks of socket hijacking.
A long-form Ruby walkthrough for security folks. Covers syntax, the object model, blocks and metaprogramming, networking, FFI, and writing Metasploit modules.
Master the art of flight without leaving a footprint. A comprehensive guide to disabling shell history, managing operational hygiene, and understanding the forensic limit of these techniques across Bash, Zsh, Fish, and PowerShell on Linux.
This article explores how Red Team members can use alternate data streams on Windows NTFS to hide data, with specific examples and cautionary considerations.
A comprehensive guide to mastering port scanning on both Linux and Windows, covering standard tools like Nmap, stealthy built-in techniques, and modern PowerShell-based enumeration.
A comprehensive guide to installing and mastering Impacket, covering installation via pipx, deep dives into core tools, and advanced authentication attacks.
Comprehensive guide to Bash scripting fundamentals with security best practices, modern techniques, and ethical penetration testing examples for red team professionals.