Red Team

Firewall Bypass Techniques: Tools and Best Practices

3479 words · 17 mins
This technical article provides a detailed overview of various techniques and tools that can be used to bypass firewalls, including examples and best practices for red teamers and pen testers.

Python: writing high-performance C extensions

2413 words · 12 mins
Learn how to write Python C extensions to speed up critical tasks, with practical examples for penetration testers and red team operators.

Rust Concurrency: Techniques for Writing Concurrent and Parallel Programs

1287 words · 7 mins
Learn how to write concurrent and parallel programs in Rust, explore advanced concurrency techniques, and discover how Rust can be used in pen testing and red teaming scenarios. Compare Rust with other languages commonly used in the security field.

Red Teaming - Advanced Physical Security Bypass Techniques

1229 words · 6 mins
Mastering advanced physical security bypass techniques is essential for any red teamer, providing a significant edge in testing and enhancing an organization’s overall security posture through a blend of technical skills, social engineering, and creative problem-solving.

JavaScript - Building Real-Time Applications with Socket.io

1280 words · 7 mins
This article explores the use of JavaScript and Socket.io for building real-time applications, with a focus on techniques and examples relevant to penetration testing and red teaming, while highlighting the pros and cons of using JavaScript in these scenarios.

Red Teaming - OSINT Techniques for Social Engineering

735 words · 4 mins
Explore the power of OSINT in Red Teaming. Dive into techniques like social network profiling, dorking, and domain recon to bolster your social engineering skills.

Cyber Threat Hunting: Techniques and Best Practices

2964 words · 14 mins
Explore cyber threat hunting techniques, best practices, and real-world examples to proactively detect, analyze, and mitigate emerging security threats.

Network Protocol Analysis: Wireshark and tcpdump

1912 words · 9 mins
Explore network protocol analysis using Wireshark & tcpdump for packet capture, filtering, dissection, and real-world pen testing scenarios.

JavaScript: Advanced DOM Manipulation Techniques

1224 words · 6 mins
This article delves into advanced JavaScript DOM manipulation techniques for red teams and pen testers, covering various methods of accessing, modifying, and traversing the DOM, along with real-world examples demonstrating their applications in hacking scenarios.

Red Teaming: Physical Security Bypass Techniques

2466 words · 12 mins
Explore advanced physical security bypass techniques, including lock picking, key duplication, RFID exploitation, access control system bypass, and social engineering, for red teaming and pen testing.

Python: Object-Oriented Programming - Advanced Concepts and Techniques

2343 words · 11 mins
This article explores advanced object-oriented programming concepts in Python, such as decorators, inheritance, abstract base classes, composition, aggregation, and properties, along with practical code examples tailored for pen testers and red teamers to create robust and flexible software.

Lua Programming Language: Basic Concepts and Syntax

1847 words · 9 mins
This article is an introduction to the Lua programming language for pen testers and red team members, covering its basic concepts and syntax, examples of its use in network analysis, password cracking, and web scraping, and weighing its pros and cons compared to other languages.

PowerShell Scripting: Basic Concepts and Syntax

1295 words · 7 mins
This article provides an introduction to PowerShell scripting, including basic concepts and syntax, specific code examples for pen testing and red teaming tasks, and the language’s pros and cons compared to other programming languages in the field.

Cyber Threat Intelligence: Best Practices and Techniques

6011 words · 29 mins
This article discusses best practices and techniques for effective Cyber Threat Intelligence (CTI) collection, analysis, and dissemination for red teams and pen testers.

Advanced Exploit Development: Heap Spraying Techniques

6078 words · 29 mins
This article explores advanced heap spraying techniques used by red teams and pen testers to exploit vulnerabilities in software applications, including non-ASLR and ASLR-based heap spraying, and Unicode heap spraying, with real-world examples and tools.

C++ Programming Language: Basic Concepts and Syntax

7088 words · 34 mins
This article provides a comprehensive guide to the C++ programming language, covering its basic concepts and syntax, as well as its application in pen testing and red teaming, including code examples for a port scanner, password cracker, and web crawler, and discussing its pros and cons compared to other languages for these purposes.

Advanced Memory Forensics: Analysis Techniques

6630 words · 32 mins
This article explores advanced memory forensics techniques for detecting malicious activity in memory, including process timelining, high-low level analysis, walking the VAD tree, and detecting rogue processes, kernel-level rootkits, DLL hijacking, process hollowing, and sophisticated persistence mechanisms.

Web Application Security: CSRF and XSS Prevention

6553 words · 31 mins
This article explores the prevention techniques for Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks in web applications, providing real-world examples, and includes code samples in various web programming languages.

BloodHound: Analyzing Active Directory for Security Risks and Attack Paths

1685 words · 8 mins
BloodHound is a powerful tool for analyzing Active Directory environments, helping red teamers and pen testers visualize complex relationships, identify security risks and attack paths, and develop effective mitigation strategies to strengthen an organization’s security posture.

Advanced Red Team Exercises: Supply Chain Attacks

2991 words · 15 mins
This article provides an in-depth discussion of advanced red team exercises specifically focused on supply chain attacks, including reconnaissance, weaponization, delivery, exploitation, and post-exploitation phases, with technical details and real-world examples.

Kotlin Programming Language: Basic Concepts and Syntax

1493 words · 8 mins
This article discusses the basic concepts and syntax of the Kotlin programming language, as well as its applications in pen testing and red teaming, including code examples for a port scanner, password cracker, and web crawler, and compares its pros and cons to other languages used in the field.

IoT Security: Best Practices and Common Vulnerabilities

3610 words · 17 mins
This article provides a detailed overview of IoT security best practices and common vulnerabilities for an advanced audience of experienced security professionals, covering topics such as secure communication protocols, firmware updates, strong passwords, network segmentation, and more.

Mythic: An Introduction to the Open Source Post-Exploitation Framework

1528 words · 8 mins
Mythic is a powerful, open-source post-exploitation framework that offers red teamers and pen testers an extensible and customizable platform with numerous modules, agents, and C2 profiles to enhance their engagements and achieve objectives in various target environments.

Cloud Security: Best Practices and Common Vulnerabilities

5612 words · 27 mins
This article provides an overview of best practices for cloud security, including secure access to the cloud, encryption to protect data, keeping software up to date, monitoring cloud resources for security events, and using network security best practices, with specific technical examples for AWS, GCP, and Azure.

Exploit Development: Introduction and Techniques

2203 words · 11 mins
This article introduces and explains exploit development techniques, best practices, and examples for a technical audience of red teams and pen testers.

Advanced Social Engineering Techniques: Spear Phishing and Whaling

3204 words · 16 mins
This article discusses advanced social engineering techniques, spear phishing, and whaling for a technical audience, including OSINT, psychology of trust, and elements of effective and ineffective attacks.

SharpSocks: A .NET-Based Proxy for Red Teaming and Network Penetration Testing

1022 words · 5 mins
SharpSocks is a powerful .NET-based proxy tool for red teaming and network penetration testing that enables encrypted communications, protocol obfuscation, and access to internal resources, providing professional hackers with stealth and persistence in their engagements.

Red Team Exercises: Simulating Real-World Attacks

4339 words · 21 mins
This article explores the world of red team exercises, discussing various types of exercises, tools and techniques used, real-world examples, and the five phases of a typical red team exercise.

Swift Programming Language: Basic Concepts and Syntax

7816 words · 37 mins
Explore Swift basics, syntax, and use cases for pen testing and red teaming. Learn how to create custom tools like brute force crackers and port scanners.

Dynamic Techniques for Advanced Malware Analysis

2231 words · 11 mins
This article discusses advanced malware analysis techniques focusing on dynamic analysis and provides real-world examples and code samples for techniques such as memory analysis, network monitoring, and debugging.

Effective Techniques for Physical Security Testing

3650 words · 18 mins
This article explores techniques and best practices for physical security testing, including social engineering, physical bypass, lock picking, surveillance, and physical access control.

Covenant: Mastering Red Teaming Tactics

2271 words · 11 mins
This article provides a comprehensive guide to using Covenant, a powerful command and control framework for red teaming and post-exploitation operations.

IoT Device Hacking: Techniques and Practical Examples

2773 words · 14 mins
This article provides a comprehensive overview of hacking techniques and real-world examples for exploiting vulnerabilities in IoT devices, including code samples and tool recommendations.

Java Programming: Key Concepts and Syntax Explained

6482 words · 31 mins
This article delves into the Java programming language, covering basic concepts, syntax, and its practical applications in pen testing and red teaming, while also discussing its pros and cons for cybersecurity professionals.

Nishang: PowerShell Scripts for Penetration Testing and Red Teaming

7152 words · 34 mins
This comprehensive guide explores Nishang, a collection of PowerShell scripts designed for penetration testing and red teaming, covering PowerShell basics, Nishang modules, advanced techniques, real-world applications, and modern evasion methods.

Advanced Web Application Attacks: CSRF and XXE

1657 words · 8 mins
This article explores the advanced web application attacks of CSRF and XXE, including real-world examples, traffic samples, and mitigation techniques for red teamers and pen testers. These vulnerabilities are often overlooked but are critical in enterprise applications.

Go for the Red Team: Weaponizing the Gopher

534 words · 3 mins
Why is everyone rewriting their C2 in Go? Cross-compilation, static binaries, and speed. We dive into using Go for offensive operations.

Pretexting: the operator side of social engineering

1707 words · 9 mins
A working operator’s view of pretexting in 2026. Cialdini’s six (plus one) principles applied to actual engagements, building a legend that survives a target’s Google check, handling the “let me verify with my manager” pushback, and the modern landscape after Scattered Spider’s MGM/Caesars helpdesk attacks, AI voice cloning, STIR/SHAKEN, and AiTM kits eating MFA fatigue’s lunch.

Empire: the open-source C2 that taught a generation

1429 words · 7 mins
A working tour of the BC Security Empire fork in 2026. Listeners, stagers, and the four agent types Empire ships today (PowerShell, Python, IronPython, and Sharpire/C#). Plus an honest read on where Empire still earns its keep in 2026, where Sliver and Havoc have eaten its lunch, and what AMSI evasion actually looks like now that Defender has shipped signatures for the obvious bypasses.

Advanced network attacks: layer 2/3 from the inside

1651 words · 8 mins
A working operator’s look at the layer 2 and layer 3 attacks that actually move an engagement forward: IPv6 shadow networks and mitm6/ntlmrelayx, NAC bypass against modern profiling-aware appliances, DTP and double-tagging VLAN hopping, and HSRP/VRRP gateway hijacking with Loki. Plus the 2024–2026 defender changes (Server 2025 EPA, LDAP channel binding) that have made some of these noisier.

Malware analysis for red teamers

1268 words · 6 mins
A working primer on static and dynamic PE analysis from the operator’s seat. What an EDR actually sees when your payload lands on disk, why your IAT and entropy and PDB paths are doing most of the talking, and a self-audit loop that catches the obvious tells before the payload ever touches a customer machine.

Password cracking: infrastructure, wordlists, and rules

1324 words · 7 mins
A working operator’s view of password cracking past rockyou.txt. Building a dedicated GPU rig (and when to burst to cloud), tuning Hashcat for fast and slow hash types, generating context-specific wordlists with CeWL and PRINCE, and writing rules that target how humans actually compose passwords inside an enterprise.

Phishing: Detection and Defeat

1976 words · 10 mins
A walk through the modern phishing campaign architecture from an operator’s seat. Domain warming, redirector tiers, ASN and geo cloaking, CAPTCHA gates to defeat sandbox click-time URL scanning, HTML smuggling via the Blob API, SVG smuggling, and homograph tricks. Plus the current state of the arms race in 2026 with AiTM kits like Tycoon and EvilProxy, and what defenders should actually focus on.

Rails for Red Teamers: Building and Breaking the Web

1473 words · 7 mins
A Rails primer for operators who need to assess or exploit a Rails application. Covers the MVC layout that tells you where the bugs live, strong parameters and the permit! footgun, what SECRET_KEY_BASE actually gives you on modern Rails versus the classic Marshal RCE chain on Rails 3, the raw/html_safe XSS surface, IDOR patterns, and the static-analysis tools (Brakeman, bundler-audit) that should be your first pass.

Memory Corruption 101: A Working Primer on Stack Overflows

1978 words · 10 mins
How a stack-based buffer overflow actually corrupts a stack frame, what the classic mitigations (ASLR, DEP/NX, stack canaries) do and how each gets bypassed, why modern Windows and Linux added more layers (CFG, CET shadow stacks, PIE, PAC), and the development workflow for writing a first exploit against an unhardened target. Aimed at operators who’ve used Metasploit but never written an exploit from scratch.

The Adversary Mindset: A Working Guide to Red Team Operations

2368 words · 12 mins
A working operator’s view of red teaming versus pen testing, the Unified Kill Chain as a practical mental model rather than a theoretical framework, how modern C2 infrastructure is actually built (and why domain fronting isn’t the answer anymore), purple teaming as collaborative tuning, deconfliction with the white cell, and the operator-side OPSEC habits that decide whether you finish the engagement quietly.

The Swiss Army Knife of Exploitation: Mastering the Metasploit Framework

2689 words · 13 mins
A working operator’s guide to Metasploit. Covers the module taxonomy, why you actually want the database initialized, staged vs non-staged payloads and when each one matters, Meterpreter’s load-bearing extensions (stdapi, kiwi, incognito, priv), pivoting (autoroute, portfwd, SOCKS), and resource scripts for the listener setup you’d otherwise type a hundred times an engagement.

Hacking the Human: A Red Teamer's Guide to Social Engineering

4537 words · 22 mins
A working guide to social engineering for red team engagements. Covers Cialdini’s six principles of persuasion as they’re actually used in pretexting, OSINT for building a credible story, Adversary-in-the-Middle phishing against MFA-protected accounts, MFA fatigue, vishing, physical entry, and how to write findings up without throwing individual employees under the bus.

The Stealthy Serpent: A Red Teamer's Guide to Nim

3212 words · 16 mins
A guide to using Nim for offensive tooling. Covers language fundamentals, the winim WinAPI bindings, compile-time string obfuscation with macros, direct syscall stubs, the offensive Nim ecosystem (OffensiveNim, NimlineWhispers, Nim-RunPE, NimPackt, Nimcrypt2), and an honest take on what edge Nim actually still gives you against modern EDR.

Advanced network scanning and enumeration

3230 words · 16 mins
Past nmap -sC -sV — TCP/IP behavior that shapes scan results, NSE for real enumeration, IDS-aware timing, packet-level evasion, and where RustScan and Masscan are actually faster.

Advanced SQL injection for red team operators

5335 words · 26 mins
Manual UNION-based exfiltration, error-based and blind SQLi, WAF evasion, out-of-band data theft over DNS and HTTP, second-order injection, and the sqlmap flags that matter on real engagements.

Fearless Concurrency: A Red Team Guide to Rust

5909 words · 28 mins
A comprehensive deep-dive into the Rust programming language for offensive security. Learn the core concepts of ownership and borrowing, master idiomatic error handling, build a multi-threaded port scanner, and discover how to use “Unsafe Rust” for shellcode injection and high-performance exploit development.

Battlefield Browser: Advanced XSS for Red Teams

1382 words · 7 mins
A deep-dive into XSS from an offensive perspective. Beyond alert(1) — cookie theft, weaponized BeEF hooks, blind XSS, and bypassing modern WAFs and CSPs.

The Ethical Path: An Introduction to Penetration Testing

1484 words · 7 mins
An introduction to penetration testing for people getting into the field. The differences between VA, PT, and red teaming; PTES as a workflow; what actually goes into a good report; and the legal lines you can’t cross.

The Darwinian Transition: A Linux Red Team Operator's Guide to macOS

1291 words · 7 mins
A guide for red team operators coming from Linux. Where Darwin differs from Linux at the userland and kernel level, how SIP and TCC change what root means, how to live off the land with JXA and AppleScript, and how to persist with launchd.

PsExec: The Double-Edged Sword of Remote Execution

884 words · 5 mins
A deep-dive into PsExec for offensive work. How it works under the hood, how to leverage pass-the-hash with Impacket, service-name evasion, and the forensic footprint it leaves so you know when to reach for it and when to reach for something else.

The Silent Interrogator: Advanced Wmic for Red Team Operations

907 words · 5 mins
A deep-dive into Wmic for offensive work. Interrogate system internals, move laterally, find security software, abuse XSL transforms for code execution, and understand the forensic footprint WMI leaves behind.

Microcode: The Ghost in the Silicon

1252 words · 6 mins
A deep-dive into microcode. How it works, why updates aren’t persistent, where the cryptography is (and isn’t) bulletproof, and why microarchitectural attacks like Downfall and Zenbleed keep happening.

Living off the Land - Advanced Windows CLI Tools for Red Team Operators

642 words · 4 mins
A comprehensive deep-dive into advanced Windows command-line tools. Learn how to leverage modern binaries like curl and tar, abuse legacy tools for download and execution, and perform stealthy data theft and persistence without triggering alerts.

Data exfiltration - Migrating MySQL to PostgreSQL with Docker and pgloader

923 words · 5 mins
A specialized guide for Red Team operators on exfiltrating and migrating data from a target MySQL database to a local PostgreSQL instance. Learn how to use Docker for rapid infrastructure deployment, pgloader for automated schema conversion, and handle both live network migrations and offline dump analysis.

Chisel: The Stealthy Architect of Network Tunnels

1172 words · 6 mins
A practical walkthrough of Chisel for tunneling — reverse SOCKS, port forwarding, TLS hardening with a real cert, source-level evasion tweaks, and how it compares to Ligolo-ng.

The Ghost in the Machine: Using xfreerdp and Pass-the-Hash for RDP

1160 words · 6 mins
How Pass-the-Hash actually works against RDP — what makes it normally fail, why Restricted Admin Mode flips that around, the correct xfreerdp syntax, RDP-over-SOCKS tuning, and the Logon Type 3 anomaly that gives the technique away.

Mastering the Maze: Advanced Tunneling and Port Redirection for Red Team Operators

1540 words · 8 mins
A working guide to network tunneling for offensive ops — iptables NAT, every flavor of SSH forwarding (including reverse SOCKS and ProxyJump), Windows netsh portproxy, socat, and the modern compiled tools that have largely replaced everything else (Chisel and Ligolo-ng).

Master the Database - Exploiting Microsoft SQL Server with Impacket

1210 words · 6 mins
A red team walkthrough of Impacket’s mssqlclient.py — discovery, every common auth method, RCE via xp_cmdshell / OLE Automation / CLR, hash capture via xp_dirtree, linked-server hops, file transfer over TDS, and finding the data that actually matters.

Master SMB Operations - Using Impacket to Conquer Windows Shares

1421 words · 7 mins
A walkthrough of Impacket’s SMB tooling for offensive work — smbclient.py, smbserver.py, secretsdump.py, and ntlmrelayx.py. Covers Pass-the-Hash, hash capture via UNC paths, DCSync, and cross-protocol NTLM relay.

Disable Shell History Safely - Advanced OPSEC for Linux Operations

1518 words · 8 mins
Master the art of flight without leaving a footprint. A comprehensive guide to disabling shell history, managing operational hygiene, and understanding the forensic limit of these techniques across Bash, Zsh, Fish, and PowerShell on Linux.