Blog





SharpEDRChecker

Problem Statement Endpoint Detection & Response (EDR) Tools are now hiding themselves under different aliases, running at different layers of the system (kernel, user etc.) and on top of that, more and more products with different nuances are hitting the market all the time. But why does this matter? Situational awareness is critical to theContinue reading “SharpEDRChecker”

EventLog Searcher

This post and subsequent code snippet will help you quickly find where users have logged on by searching through the system event log for event ID 4624 across multiple hosts in a threaded fashion for both speed and flexibility. User hunting is often the most time consuming part of red teaming and hopefully this willContinue reading “EventLog Searcher”

Worried about EDR hooking catching you out?

This post and subsequent code snippets will help you quickly assess whether EDR is loaded into your process (without a debugger) and performing user-level hooking on important functions that you may wish to use, e.g. process migration using ZwOpenProcess and ZwCreateThreadEx. When red teaming in a new environment we always need to perform situation awareness.Continue reading “Worried about EDR hooking catching you out?”

To Click or Not to Click?

When looking at entry points used by APT groups and cyber criminals, a large number of these compromises use phishing as the initial delivery vector. It makes sense, email is now an intrinsic part of how we interact with the world and therefore it is expected that we will regularly see communication from people we know and people we don’t landing in our inbox right on our front door step.

To Be A CISO For A Day

A lot of the top-tier companies that I work with have fallen into the same trap of running a compliance driven security function which means policies are created purely to be compliant and not necessarily adopted or fully integrated by the organisation for security purposes. Policies and procedures is a great thing and provide aContinue reading “To Be A CISO For A Day”

Manifesto – Introduction to the red teaming community!

Welcome to red teaming! This site was created to be a crowdsourced, community driven trademark, where red teamers or security professionals from all around the globe can contribute without anything other than enthusiasm for offensive or defensive security and all things red teaming. The idea is to bring together similar minded individuals to have aContinue reading “Manifesto – Introduction to the red teaming community!”


Get new content delivered directly to your inbox.