🎭 Red Team Operations

Cobalt Strike Mastery

Professional red team platform for advanced adversary simulation.

• Beacon configuration and customization
• Malleable C2 profile development
• Advanced post-exploitation modules
• Sleep mask and process injection

Custom C2 Development

Building bespoke command and control infrastructure.

• C2 protocol design and implementation
• Encrypted communication channels
• Domain fronting and CDN abuse
• C2 redundancy and failover

Open Source C2 Platforms

Leveraging and customizing open source C2 frameworks.

• Covenant and Empire frameworks
• Sliver C2 platform
• Mythic collaborative platform
• Framework comparison and selection

LOLBins & LOLBAs

Abusing legitimate binaries and applications for malicious purposes.

• PowerShell and WMI abuse
• Windows built-in tool exploitation
• Registry manipulation techniques
• Scheduled task abuse

Fileless Attacks

Memory-only attacks that leave minimal forensic evidence.

• In-memory payload execution
• PowerShell reflection attacks
• Process hollowing techniques
• DLL injection methods

Process Injection

Advanced process injection techniques for stealth execution.

• DLL injection variations
• Process hollowing and doppelgänging
• Manual DLL loading
• Thread execution hijacking

Signature Evasion

Bypassing signature-based detection mechanisms.

• Payload encoding and encryption
• Polymorphic code generation
• String obfuscation techniques
• Anti-emulation methods

Behavioral Evasion

Evading behavioral analysis and heuristic detection.

• Sleep and timing manipulation
• Sandbox detection and evasion
• Environment keying techniques
• User interaction simulation

EDR Bypass Techniques

Advanced methods for evading Endpoint Detection and Response.

• ETW (Event Tracing for Windows) bypass
• AMSI (Anti-Malware Scan Interface) evasion
• API hooking detection and bypass
• Kernel callback evasion

Phishing Operations

Sophisticated phishing campaign development and execution.

• Spear phishing targeting
• Credential harvesting pages
• Email spoofing and impersonation
• Multi-stage phishing campaigns

Pretexting & Vishing

Voice and text-based social engineering techniques.

• Phone-based information gathering
• Pretext development and execution
• Voice changing and spoofing
• SMS phishing campaigns

Physical Security

Physical penetration testing and social engineering.

• Badge cloning and RFID attacks
• Lock picking and bypass
• Tailgating and piggybacking
• USB drop attacks

Credential Theft

Advanced credential harvesting and reuse techniques.

• LSASS memory dumping
• Kerberos ticket extraction
• NTDS.dit extraction
• Browser credential harvesting

Network Movement

Moving through network segments and trust boundaries.

• SMB and WMI lateral movement
• PowerShell Remoting abuse
• RDP and SSH tunneling
• Network pivoting techniques

Trust Relationship Abuse

Exploiting trust relationships for domain movement.

• Domain trust enumeration
• Forest trust exploitation
• Cross-domain attack paths
• External trust abuse

Registry Persistence

Windows registry-based persistence techniques.

• Run keys and startup folders
• Service creation and modification
• WMI event subscriptions
• COM hijacking techniques

Scheduled Tasks & Services

Leveraging system services for persistent access.

• Scheduled task creation
• Service binary replacement
• Service DLL hijacking
• Logon script persistence

Advanced Persistence

Sophisticated persistence mechanisms for long-term access.

• Bootkit and rootkit techniques
• UEFI persistence
• Hypervisor-based persistence
• Firmware implant techniques

Infrastructure OPSEC

Securing red team infrastructure and maintaining anonymity.

• C2 infrastructure isolation
• Domain categorization and aging
• Traffic redirection and proxying
• Infrastructure attribution prevention

Payload OPSEC

Developing operationally secure payloads and tools.

• Payload signing and validation
• Anti-analysis techniques
• Attribution prevention
• Forensic counter-measures

Operational OPSEC

Maintaining operational security during engagements.

• Communication security
• Timeline and activity correlation
• Log evasion techniques
• Incident response evasion

C2 Frameworks

• Cobalt Strike: Professional red team platform
• Covenant: .NET C2 framework
• Empire: PowerShell and Python post-exploitation
• Sliver: Open source C2 platform

Evasion Tools

• Veil: Payload generation framework
• Donut: Shellcode generation tool
• ScareCrow: EDR evasion tool
• ThreatCheck: AV signature scanner

Post-Exploitation

• SharpCollection: C# offensive tools
• GhostPack: .NET post-exploitation toolkit
• BloodHound: AD attack path analysis
• PowerSploit: PowerShell exploitation toolkit