Red Teaming
AD exploitation, lateral movement, persistence, defense evasion — MITRE ATT&CK aligned playbooks.
Ivanti Connect Secure 2024 CVEs: Mass Exploitation and Lessons
CVE-2023-46805 + CVE-2024-21887 chained for unauthenticated RCE on Ivanti VPN. Mass-exploited within hours by nation-state and ransomware actors. IoCs, the 7-step IR…
Red TeamingFortinet FortiGate CVEs: The Edge-Device Attack Surface Pattern
Fortinet's recent CVE history (2022-40684, XORtigate, 2024-21762, FortiManager 23113 / 47575) shows the structural risk of edge devices. IoCs, mitigation pattern, and…
Red TeamingOSINT Methodology for Pentesters: The 2026 Toolchain
Practitioner OSINT methodology — subdomain enumeration with subfinder/amass, live discovery with httpx, vulnerability scanning with nuclei, people enumeration with theHarvester, GitHub secrets…
Red TeamingSubdomain Enumeration Deep-Dive: Beyond subfinder
Senior subdomain enumeration — passive sources (CT logs, DNS aggregators), active brute-force with smart wordlists, JS-file analysis, cloud-asset patterns, subdomain takeover hunting.…
Red TeamingSock Puppet Accounts for OSINT Investigations: OPSEC and Ethics
Operational sock puppet accounts for OSINT — the OPSEC stack (browser profile, VPN, email, phone, fingerprint), believable persona building, attribution mistakes, legal/ethical…
Red TeamingProxyShell: The Exchange Vulnerability That Fueled Ransomware
ProxyShell (CVE-2021-34473/34523/31207) chain — pre-auth RCE on Exchange. Why it became ransomware fuel, IoCs (webshells in Exchange directories, anomalous PowerShell remoting), patching…
Red TeamingNmap for Pentesters: Beyond -sV -sC
Senior Nmap workflow — phased scanning (discovery, full TCP, service detection, vuln scripts, UDP), NSE scripts that find bugs (vulners, smb-vuln, ssl-enum-ciphers),…
Red TeamingMetasploit in 2026: The Practitioner Workflow
Metasploit beyond search-and-exploit — workspace management, database integration, payload customisation with msfvenom, listener management, post-exploitation modules, integration with BloodHound and modern C2.…
Red TeamingCVE-2024-1086 (nf_tables): Linux Kernel LPE Pattern
nf_tables use-after-free in Linux 5.14-6.6 — LPE plus container escape via user namespace. Public exploit, affected kernels, detection, and the broader kernel-CVE…
Red TeamingHydra in 2026: Modern Brute-Force That Doesn’t Trip Lockouts
Modern brute-force — password spraying instead of per-user, slow-and-low timing, distributed source IPs, targeted Indian wordlists. Where it still works (internal services,…