Category
Red Team
10 publications
Lateral Movement in the Lab: SMB, WMI and WinRM with a Detection Focus
We reproduce three classic lateral movement techniques in GOAD and show how to turn each one into a Sigma rule the blue team can actually use.
Simulated Initial Access: Macros, LNK and ISO in an Isolated Windows 11 Lab
We replayed three classic initial access vectors inside a sealed Windows 11 lab to see what the EDR actually logs and where detection quietly falls apart.
Passwords and MFA: Moving to Passkeys Without Breaking Your Recovery
Passkeys kill phishing and MFA fatigue, but a sloppy migration locks legitimate users out. Plan fallback, devices and roaming with no holes.
Personal Crypto: Hardware Wallets, Passphrase and Coercion-Resistant Backup
How to build self-sovereign crypto custody using a hardware wallet, BIP39 passphrase and metal backup designed against phishing and physical attacks.
Building C2 Infra with Sliver in an Isolated Lab for Defensive Research
Spinning up a Sliver C2 air-gapped is not hacker theater: it is how Blue Teams learn to detect what they will face tomorrow. Hands-on technical walkthrough.
Active Directory Pentest: Step-by-Step Kerberoasting in a GOAD Lab
Ethical Kerberoasting walkthrough on Game of Active Directory: TGS capture, offline crack with hashcat, and detection via Event ID 4769.
Adversary Emulation with Caldera and MITRE ATT&CK in a Corporate Lab
How Basilisk uses Caldera, Atomic Red Team and MITRE ATT&CK to simulate real TTPs in a closed lab and measure SOC maturity without breaking production.
Purple Team in Practice: Building a Red vs Blue Feedback Loop
How to integrate adversarial emulation with the SOC, close detection gaps in short sprints, and turn exercises into versioned Sigma rules.
EDR Evasion for Research: Direct Syscalls Explained Without the Hype
How direct syscalls actually work in controlled defensive study, why they remain detectable, and what blue teams should look for before buying the next black box.
Authorized Red Team Phishing: Templates, GoPhish and Ethical Guardrails
How written-scope red team engagements use GoPhish, build believable templates, and why firing a campaign without authorization ends careers.