Author
Equipe Basilisk
Offensive security research. Lab, write-ups, tools.
50 publications
macOS Hardening: Lockdown Mode, MDM and Attack Surface Reduction
Defensive configurations on Apple Silicon for journalists, activists and researchers facing well-funded state or commercial adversaries.

Supply Chain Security: Sigstore Signing and Real SBOMs in CI/CD
How Basilisk ships cosign, SLSA, and CycloneDX across real pipelines to blunt SolarWinds-style attacks, XZ Utils backdoors, and dependency confusion.

Malware Analysis in an Isolated Lab: Safe Setup with FlareVM and REMnux
How to build an air-gapped lab with FlareVM and REMnux for reverse engineering real samples without contaminating your network or burning IOCs.

Comms OPSEC: Signal, SimpleX and Session Technically Compared
Technical breakdown of protocols, metadata and threat models for Signal, SimpleX and Session, with practical selection criteria per scenario.

AMSI and ETW Bypass for Defensive Research: What Blue Teams Should Know
Honest technical breakdown of how public AMSI and ETW bypasses work, and how defenders can harden Windows telemetry without looking foolish.

SQL Injection in Practice: Exploiting, Detecting and Mitigating in a Controlled Lab
Hands-on SQLi demo with sqlmap in your own lab, focused on defensive detection and parameterized fixes that actually hold up against production traffic.

Lateral Movement in the Lab: SMB, WMI and WinRM with a Detection Focus
We reproduce three classic lateral movement techniques in GOAD and show how to turn each one into a Sigma rule the blue team can actually use.

Ethical OSINT: Investigating Your Own Digital Footprint with Maltego and Spiderfoot
Before a stalker, hostile recruiter, or data broker finds you, do the work yourself. Maltego and Spiderfoot turn public fragments into a personal attack map.

SSH Hardening 2026: Algorithms, Certificates and Bastion Hosts
Modern SSH configuration with an internal CA, resistant algorithms and auditable bastion hosts to shrink the attack surface in corporate environments.

Anti-Doxxing Personal Security: Removing Data from Brazilian Data Brokers
Hands-on technical procedure to cut your exposure on Brazilian data brokers, social media and public records before a doxxer does it for you.

Simulated Initial Access: Macros, LNK and ISO in an Isolated Windows 11 Lab
We replayed three classic initial access vectors inside a sealed Windows 11 lab to see what the EDR actually logs and where detection quietly falls apart.

Disk Crypto and Backups: VeraCrypt, LUKS and a Resilient 3-2-1 Strategy
How to encrypt disks with LUKS2 and VeraCrypt and build verified 3-2-1 backups, with a recovery plan tested in the lab.

STRIDE Threat Modeling in Sprints: A Full Microservice Walkthrough
How to apply STRIDE to a real payments microservice inside a two-week sprint, with a clean DFD, prioritized threats, and actionable mitigations.

Web Pentesting From Scratch: Building a Safe Lab with DVWA, Juice Shop and Burp Suite
Hands-on guide to building an isolated web pentest lab with DVWA, Juice Shop and Burp Suite configured under clear legal and safety rules.

Passwords and MFA: Moving to Passkeys Without Breaking Your Recovery
Passkeys kill phishing and MFA fatigue, but a sloppy migration locks legitimate users out. Plan fallback, devices and roaming with no holes.

Windows 11 Hardening for High-Risk Offensive Security Workstations
Battle-tested Windows 11 hardening recipe with ASR, Credential Guard, AppLocker and WDAC deployed across Basilisk offensive analyst laptops.

Linux Server Hardening: Applying CIS Benchmark Without Breaking Production
How to apply the CIS Benchmark on production Debian and Ubuntu hosts by validating each control, measuring impact, and keeping SLA intact without an all-night rollback.

Exploring File Upload Vulnerabilities Without Breaking the Law
How to bypass upload validations in your own lab, map the bug classes, and harden webservers against RCE via malicious file uploads.

macOS Incident Forensics: UnifiedLogs, FSEvents and AULR in Practice
How Basilisk collects evidence on macOS Sonoma and Sequoia using UnifiedLogs, FSEvents and AULR without trampling the incident scene.

SSRF Demystified: Exploiting Cloud Metadata in a Local AWS Lab
Ethical SSRF reproduction against IMDS using LocalStack, with real payloads, simulated credential theft and definitive mitigation via IMDSv2.

Memory Forensics with Volatility 3: Analyzing Dumps in a Reproducible Lab
Technical memory analysis workflow with Volatility 3, sandbox-reproduced dumps and cross-validation against Rekall and MemProcFS.

Personal Crypto: Hardware Wallets, Passphrase and Coercion-Resistant Backup
How to build self-sovereign crypto custody using a hardware wallet, BIP39 passphrase and metal backup designed against phishing and physical attacks.

Linux Application Sandboxing with Bubblewrap, Firejail and Flatpak
How the Basilisk team isolates browsers, PDF readers and risky tools on Linux desktops using audited, reproducible sandbox profiles.

Building C2 Infra with Sliver in an Isolated Lab for Defensive Research
Spinning up an air-gapped Sliver C2 is not hacker theater: it is how Blue Teams learn to detect what they will face tomorrow. Hands-on technical walkthrough.

Active Directory Pentest: Step-by-Step Kerberoasting in a GOAD Lab
Ethical Kerberoasting walkthrough on Game of Active Directory: TGS capture, offline crack with hashcat, and detection via Event ID 4769.

Personal Security for High-Visibility Targets: Journalists, Activists, and Executives
Defensive playbook for people with public profiles: from threat modeling to digital hygiene, with tools battle-tested in the field.

Threat Hunting with Sigma and Elastic: From Indicator to Detection Rule
How to turn attack hypotheses into Sigma rules tested in Elastic, with a reproducible lab validation pipeline.

Red Team 101: How Pentests Differ from Real Adversarial Operations
A pentest is not a red team. Learn scope, ROE, objectives, and why ethical discipline defines whether an adversarial engagement actually delivers value.

REST and GraphQL API Pentest: Technical Checklist for Legal Bug Bounty
Hands-on methodology for testing REST and GraphQL APIs in authorized programs, focused on IDOR, authentication bypass and malicious introspection.

Modern XSS: DOM, Stored and Reflected With Real Examples in a Test Lab
Three XSS flavors dissected in a sandbox with payloads, exploitation flow, and mitigations via strict CSP, Trusted Types and DOMPurify sanitization.

Timeline Forensics on Windows: Plaso, Log2Timeline and KAPE in Practice
Building super-timelines of a compromised Windows 11 test VM with KAPE for triage collection and Plaso parsing 200+ artifacts.

Real Anonymity with Tor: What Works and What is Myth in 2026
Tor is not an invisibility cloak. Where the network truly protects, where traffic correlation breaks anonymity, and how to use it sensibly in 2026.

Adversary Emulation with Caldera and MITRE ATT&CK in a Corporate Lab
How Basilisk uses Caldera, Atomic Red Team and MITRE ATT&CK to simulate real TTPs in a closed lab and measure SOC maturity without breaking production.

Metadata Hygiene: Stripping EXIF, PDF and Office Before You Publish
How to remove metadata that leaks identity, GPS and authorship from images, PDFs and Office documents before publishing online.

Advanced Nmap: NSE Scripts for Internal Recon in a Simulated Corporate Lab
How to get real value out of NSE for authorized enumeration on simulated internal networks, with script examples, output parsing, and pentest pipeline integration.

SELinux Without Fear: Custom Policies for Critical Services
From audit2allow forensics to versioned policy modules running in production, without falling into permanent permissive mode.

Pivoting with Chisel and Ligolo-ng: Segmented Networks in a Pentest Lab
How to pivot across VLANs using Chisel and Ligolo-ng in a controlled lab, and which artifacts the blue team can capture to detect the reverse tunnel.

Digital Compartmentalization: Separate Identities Without Leaking Metadata
How to keep personas, browsers and devices actually isolated by closing the metadata leaks that destroy any separation within minutes.

AppSec Shift-Left: SAST, SCA and Secrets Scanning Without Slowing the Team
How Basilisk OffSec rolls out AppSec gradually, measuring developer friction and avoiding the permanently red pipeline nobody bothers to read.

Hunting Living-off-the-Land Binaries on Windows with KQL
Production-ready KQL queries for Microsoft Defender and Sentinel to hunt LOLBin abuse from rundll32, mshta, and certutil in real environments.

DFIR on Linux: Live Triage with UAC and Velociraptor
How the Basilisk team runs live triage on compromised Linux hosts using UAC and Velociraptor without destroying volatile evidence.

Dependency Confusion and Typosquatting: Practical Defense for Dev Teams
How registry policies, lockfiles and scoping block malicious packages before they hit the build. Hands-on technical guide from the Basilisk team.

Purple Team in Practice: Building a Red vs Blue Feedback Loop
How to integrate adversarial emulation with the SOC, close detection gaps in short sprints, and turn exercises into versioned Sigma rules.

Tails, Whonix or Qubes OS: Which to Pick for Each OPSEC Scenario
Technical comparison of Tails, Whonix and Qubes OS with objective criteria around threat model, compartmentalization and operational cost to pick the right OS.

Container Forensics: Investigating Kubernetes Compromises Like a Pro
How the Basilisk team collects evidence from pods, runtime, and control plane after a suspected incident in production Kubernetes clusters.

Windows Persistence: 10 Documented Techniques and Their Countermeasures
Defensive catalog of 10 Windows persistence mechanisms with ready-to-run KQL hunting queries and hardening measures any SOC can deploy this week.

OPSEC for Security Researchers: Building a Personal Threat Model
Before you install Tails, Qubes or Signal, draw your individual threat model. Skip it and you are just stacking tools and burning effort in the wrong place.

EDR Evasion for Research: Direct Syscalls Explained Without the Hype
How direct syscalls actually work in controlled defensive study, why they remain detectable, and what blue teams should look for before buying the next black box.

Authorized Red Team Phishing: Templates, GoPhish and Ethical Guardrails
How written-scope red team engagements use GoPhish, build believable templates, and why firing a campaign without authorization ends careers.

Android Mobile App Pentest: Frida, MobSF, and a Genymotion Lab
End-to-end setup for dynamic analysis of your own APKs using Frida, MobSF, and Genymotion, with hands-on hooks and a technical checklist.