This technical article provides a detailed overview of various techniques and tools that can be used to bypass firewalls, including examples and best practices for red teamers and pen testers.
Learn how to write concurrent and parallel programs in Rust, explore advanced concurrency techniques, and discover how Rust can be used in pen testing and red teaming scenarios. Compare Rust with other languages commonly used in the security field.
Mastering advanced physical security bypass techniques is essential for any red teamer, providing a significant edge in testing and enhancing an organization’s overall security posture through a blend of technical skills, social engineering, and creative problem-solving.
This article explores the use of JavaScript and Socket.io for building real-time applications, with a focus on techniques and examples relevant to penetration testing and red teaming, while highlighting the pros and cons of using JavaScript in these scenarios.
Explore the power of OSINT in Red Teaming. Dive into techniques like social network profiling, dorking, and domain recon to bolster your social engineering skills.
Explore cyber threat hunting techniques, best practices, and real-world examples to proactively detect, analyze, and mitigate emerging security threats.
This article delves into advanced JavaScript DOM manipulation techniques for red teams and pen testers, covering various methods of accessing, modifying, and traversing the DOM, along with real-world examples demonstrating their applications in hacking scenarios.
Explore advanced physical security bypass techniques, including lock picking, key duplication, RFID exploitation, access control system bypass, and social engineering, for red teaming and pen testing.
This article explores advanced object-oriented programming concepts in Python, such as decorators, inheritance, abstract base classes, composition, aggregation, and properties, along with practical code examples tailored for pen testers and red teamers to create robust and flexible software.
This article is an introduction to the Lua programming language for pen testers and red team members, covering its basic concepts and syntax, examples of its use in network analysis, password cracking, and web scraping, and weighing its pros and cons compared to other languages.
This article explores a range of covert communication and exfiltration techniques for Red Team operations, including protocol-level channels, social media, and out-of-band exfiltration techniques.
This article provides an introduction to PowerShell scripting, including basic concepts and syntax, specific code examples for pen testing and red teaming tasks, and the language’s pros and cons compared to other programming languages in the field.
This article discusses best practices and techniques for effective Cyber Threat Intelligence (CTI) collection, analysis, and dissemination for red teams and pen testers.
This article explores advanced heap spraying techniques used by red teams and pen testers to exploit vulnerabilities in software applications, including non-ASLR and ASLR-based heap spraying, and Unicode heap spraying, with real-world examples and tools.
This article provides a comprehensive guide to the C++ programming language, covering its basic concepts and syntax, as well as its application in pen testing and red teaming, including code examples for a port scanner, password cracker, and web crawler, and discussing its pros and cons compared to other languages for these purposes.
This article explores advanced memory forensics techniques for detecting malicious activity in memory, including process timelining, high-low level analysis, walking the VAD tree, and detecting rogue processes, kernel-level rootkits, DLL hijacking, process hollowing, and sophisticated persistence mechanisms.
This article explores the prevention techniques for Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks in web applications, providing real-world examples, and includes code samples in various web programming languages.
BloodHound is a powerful tool for analyzing Active Directory environments, helping red teamers and pen testers visualize complex relationships, identify security risks and attack paths, and develop effective mitigation strategies to strengthen an organization’s security posture.
This article provides an in-depth discussion of advanced red team exercises specifically focused on supply chain attacks, including reconnaissance, weaponization, delivery, exploitation, and post-exploitation phases, with technical details and real-world examples.
This article discusses the basic concepts and syntax of the Kotlin programming language, as well as its applications in pen testing and red teaming, including code examples for a port scanner, password cracker, and web crawler, and compares its pros and cons to other languages used in the field.
This article provides a detailed overview of IoT security best practices and common vulnerabilities for an advanced audience of experienced security professionals, covering topics such as secure communication protocols, firmware updates, strong passwords, network segmentation, and more.
Mythic is a powerful, open-source post-exploitation framework that offers red teamers and pen testers an extensible and customizable platform with numerous modules, agents, and C2 profiles to enhance their engagements and achieve objectives in various target environments.
This article provides an overview of best practices for cloud security, including secure access to the cloud, encryption to protect data, keeping software up to date, monitoring cloud resources for security events, and using network security best practices, with specific technical examples for AWS, GCP, and Azure.
This article introduces and explains exploit development techniques, best practices, and examples for a technical audience of red teams and pen testers.
This article discusses advanced social engineering techniques, spear phishing, and whaling for a technical audience, including OSINT, psychology of trust, and elements of effective and ineffective attacks.
SharpSocks is a powerful .NET-based proxy tool for red teaming and network penetration testing that enables encrypted communications, protocol obfuscation, and access to internal resources, providing professional hackers with stealth and persistence in their engagements.
This article explores the world of red team exercises, discussing various types of exercises, tools and techniques used, real-world examples, and the five phases of a typical red team exercise.
Explore Swift basics, syntax, and use cases for pen testing and red teaming. Learn how to create custom tools like brute force crackers and port scanners.
This article discusses advanced malware analysis techniques focusing on dynamic analysis and provides real-world examples and code samples for techniques such as memory analysis, network monitoring, and debugging.
This article explores techniques and best practices for physical security testing, including social engineering, physical bypass, lock picking, surveillance, and physical access control.
This article provides a comprehensive guide to using Covenant, a powerful command and control framework for red teaming and post-exploitation operations.
This article provides a comprehensive overview of hacking techniques and real-world examples for exploiting vulnerabilities in IoT devices, including code samples and tool recommendations.
This article delves into the Java programming language, covering basic concepts, syntax, and its practical applications in pen testing and red teaming, while also discussing its pros and cons for cybersecurity professionals.
This comprehensive guide explores Nishang, a collection of PowerShell scripts designed for penetration testing and red teaming, covering PowerShell basics, Nishang modules, advanced techniques, real-world applications, and modern evasion methods.
This article explores the advanced web application attacks of CSRF and XXE, including real-world examples, traffic samples, and mitigation techniques for red teamers and pen testers. These vulnerabilities are often overlooked but are critical in enterprise applications.
To hide in memory, you must study memory. This guide flips the script on forensics, using Volatility to understand how Blue Teams hunt for your beacons.
Pretexting is more than just lying; it’s acting. This guide covers how to build a credible legend, handle resistance, and manipulate human trust for access.
Though legacy in name, Empire established the blueprint for modern C2. We explore the BC-Security fork, listeners, stagers, and how to operate a PowerShell-heavy campaign.
Forget volumetric DDoS. The real damage happens inside the perimeter. We explore IPv6 shadow networks, NAC bypasses, and VLAN hopping techniques for the modern Red Team.
To defeat the EDR, you must think like the EDR. This guide introduces malware analysis concepts specifically for Red Team operators to self-audit payloads and improve stealth.
A comprehensive guide to PowerSploit, the powerful PowerShell framework for offensive security operations, covering all modules, real-world attack scenarios, detection evasion techniques, and integration with modern red team workflows.
A comprehensive guide to advanced phishing evasion techniques for Red Team engagements. Learn infrastructure masking, cloaking, HTML smuggling, and how to bypass automated analysis and Secure Email Gateways.
A comprehensive deep-dive into Ruby on Rails from a security professional’s perspective. Learn the “convention over configuration” philosophy, master strong parameters to prevent mass assignment, and discover how to find and exploit deserialization vulnerabilities, insecure routes, and hidden secrets in Rails applications.
A comprehensive deep-dive into buffer overflow vulnerabilities. Learn the mechanics of stack frames, master the art of Return-Oriented Programming (ROP), discover how to bypass modern memory protections like ASLR/DEP, and write your first stack-based exploit.
A deep-dive into the core concepts, frameworks, and operational strategies of modern red teaming. Learn the critical difference between pen testing and adversary emulation, master the Unified Kill Chain, build resilient C2 infrastructure (redirectors, domain fronting), and understand the art of Purple Teaming.
A massive, comprehensive deep-dive into the Metasploit Framework for professional red teamers. Learn how to manage workspaces, master advanced Meterpreter extensions like Kiwi and Incognito, understand payload internals (Staged vs. Non-Staged), automate listeners with Resource Scripts, and pivot through complex networks.
A comprehensive deep-dive into the art and science of social engineering. Learn the psychological principles of persuasion, master OSINT for pretexting, discover modern techniques like AitM phishing and MFA Fatigue, and understand how to weaponize human trust in a professional red team engagement.
A comprehensive deep-dive into the Nim programming language for offensive security. Learn the language fundamentals, master WinAPI interoperability with winim, discover compile-time metaprogramming for string obfuscation, and understand why Nim is the modern favorite for bypassing EDRs.
A comprehensive deep-dive into network scanning and enumeration for red teamers. Master the intricacies of Nmap, explore the power of the Nmap Scripting Engine (NSE), learn advanced evasion techniques, and discover modern high-speed alternatives like RustScan and Masscan.
A masterclass in advanced SQL injection techniques for red team operators. Move beyond simple authentication bypass to manual UNION-based exfiltration, Error-Based and Blind SQLi, WAF evasion, Out-of-Band (OOB) data theft using DNS and HTTP, Second-Order injection, and leveraging advanced Sqlmap features for real-world engagements.
A comprehensive deep-dive into the Rust programming language for offensive security. Learn the core concepts of ownership and borrowing, master idiomatic error handling, build a multi-threaded port scanner, and discover how to use “Unsafe Rust” for shellcode injection and high-performance exploit development.
A comprehensive deep-dive into Cross-Site Scripting (XSS) from an offensive perspective. Learn to move beyond simple alert boxes to cookie theft, weaponized BeEF hooks, Blind XSS, and bypassing modern WAFs and CSPs.
A comprehensive deep-dive into the world of penetration testing and ethical hacking. Learn the Penetration Testing Execution Standard (PTES), the critical differences between VA and PT, the art of professional reporting, and how to navigate the legal minefield of offensive security.
A deep-dive guide for red team operators transitioning from Linux to macOS. Learn the critical differences in Unix underpinnings, master macOS-specific security boundaries like TCC and SIP, discover “Living off the Land” techniques using JXA and AppleScript, and understand how to persist using LaunchDaemons.
A comprehensive deep-dive into PsExec for offensive operations. Learn how it works under the hood, how to leverage Pass-the-Hash with Impacket, advanced techniques for service name evasion, and understand the massive forensic footprint it leaves so you know when (and when NOT) to use it.
A comprehensive deep-dive into using sc.exe for offensive operations. Learn how to weaponize the Windows Service Control Manager for remote code execution, establish robust persistence via service failure actions, change permissions with subinacl, and bypass EDR controls using kernel-mode drivers.
A comprehensive deep-dive into Wmic for offensive security. Learn how to interrogate system internals, perform lateral movement, discover security software, abuse XSL transformation for code execution, and understand the forensic footprint of WMI activity.
A deep-dive into the hidden layer of microcode. Explore its architecture, the non-persistent update process, the cryptographic protections (and weaknesses) of vendor signatures, and the modern Microarchitectural attacks like Downfall and Zenbleed that have redefined hardware security.
A comprehensive guide to Active Directory reconnaissance with built-in tooling. Learn how to discover privileged accounts, identify service accounts, spot unconstrained delegation, and operate when RSAT isn’t installed.
A comprehensive deep-dive into advanced Windows command-line tools. Learn how to leverage modern binaries like curl and tar, abuse legacy tools for download and execution, and perform stealthy data theft and persistence without triggering alerts.
A specialized guide for Red Team operators on exfiltrating and migrating data from a target MySQL database to a local PostgreSQL instance. Learn how to use Docker for rapid infrastructure deployment, pgloader for automated schema conversion, and handle both live network migrations and offline dump analysis.
A comprehensive deep-dive into Chisel, the ultimate tool for bypassing network restrictions via SSH-over-HTTP. Learn how to master forward and reverse tunnels, establish stealthy SOCKS proxies, harden your infrastructure with TLS, and change the source code for evasion.
A deep-dive into the technical requirements and execution of Pass-the-Hash for Remote Desktop Protocol (RDP). Learn the correct xfreerdp syntax, how to enable Restricted Admin Mode remotely, troubleshoot NLA errors, and understand the forensic “Type 3” logon anomaly.
A deep-dive guide into advanced network tunneling techniques. Learn to combine Iptables, SSH (Local, Remote, Dynamic, and Reverse Dynamic), Windows Netsh, and Socat to bypass firewalls, pivot through sophisticated network segments, and maintain a low profile during engagements. Now covers modern tools like Chisel and Ligolo-ng.
A comprehensive guide for red team operators on using Impacket’s mssqlclient.py to discover, authenticate, and exploit Microsoft SQL Server instances. Learn to achieve RCE via xp_cmdshell and OLE Automation, steal hashes via UNC path coercion (xp_dirtree), abuse linked servers, and extract sensitive data stealthily.
A massive, comprehensive deep-dive into leveraging Impacket’s powerful SMB tools for offensive operations. Learn how to access shares using smbclient.py, host malicious shares with smbserver.py, perform high-impact NTLM relaying, dump domain secrets with secretsdump.py, and troubleshoot protocol hurdles.
A massive, comprehensive deep-dive into smbclient, covering SMB architecture, essential enumeration techniques, data exfiltration, Pass-the-Hash, advanced automation, and forensic considerations for red team operations.
An in-depth guide to SSH multiplexing and master control sockets for red team operations. Learn to use a single TCP connection for concurrent sessions, reducing overhead, managing connection churn, and understanding the risks of socket hijacking.
A massive, comprehensive deep-dive into the Ruby programming language for security professionals. Explore elegant syntax, advanced object-oriented patterns, metaprogramming, and specialized applications in offensive security, from packet manipulation to Metasploit automation.
Master the art of flight without leaving a footprint. A comprehensive guide to disabling shell history, managing operational hygiene, and understanding the forensic limit of these techniques across Bash, Zsh, Fish, and PowerShell on Linux.
A comprehensive guide to installing and mastering Impacket, covering installation via pipx, deep dives into core tools, and advanced authentication attacks.