☠️ Brandon (@__mez0__)'s Twitter Profile

👽 UNC1194 🔥 Targeted Ops @TrustedSec 🤖 Dev @preemptdev

"purveyors of the prettiest log files"

ID: 1000443969506086912

Link: https://mez0.cc/

Joined: 26-05-2018 18:30:04

1.1K Tweets

2.2K Followers

424 Following

5pider (@c5pider)

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

pre.empt (@preemptdev)

throwback to our first blog in 2022. still fun, relevant, and still a headache to detect - despite the meme: pre.empt.blog/posts/bluffy/

Jason Lang (@curi0usjack)

In terms of offsec, I have significant respect for technical skill, but a truly great practitioner knows to deliver information tactfully, and can carefully "read the room" (and the customer), tweaking the message on the fly to achieve not only the desired impact for the target

☠️ Brandon (@__mez0__)

It's always interesting to read research in the malware detection space. This is a good one I stumbled across today: mdpi.com/1999-5903/16/1…

codewhisperer84 (@codewhisperer84)

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…

☠️ Brandon (@__mez0__)

Pushed my update to Citadel which has a ton of QOL and UI updates, as well as better analysis, more datapoints, and some data-driven classifications: github.com/mez-0/citadel

MDSec (@mdseclabs)

The MDSec red team is hiring! If you're an experienced red team operator interested in conducting multi-month operations within a small and technically gifted team reach out to us! ✊

codewhisperer84 (@codewhisperer84)

New Titanis release => github.com/trustedsec/Tit…

Mostly Kerberos enhancements:
- S4U2self and S4U2proxy
- Change/Set password
- Generate crypto key on command line

ASN.1 saw some major changes to pave the way for some upcoming enhancements

deceptiq (@deceptiq_)

Once in a blue moon as a red teamer, we encountered environments with canary technology deployed across their infrastructure. The tables flipped. Blue teams caught us immediately. Canary technology uniquely detects adversaries by exploiting their behavior - digital assets with

deceptiq (@deceptiq_)

As former Red Teamers, we always were looking for low-risk, high-reward decisions. Actions where the upside-lateral movement outweighed the likelihood of detection. This risk calculus has held for years. Early warning honey tokens exist to break it. deceptiq.com/blog/early-war…
