3 articles
A step-by-step debrief of a real-world red team engagement — from passive OSINT through AiTM phishing, EDR evasion, and ADCS exploitation to full domain compromise. What worked, what didn't, and what would have stopped us.
BYOVD EDR evasion, ClickFix delivery, C2 over cloud services — how modern Windows attackers operate in 2026, and the detection logic to catch them.
LSASS credential dumping is one of the most reliable post-exploitation techniques. Survey of methods from MiniDump to direct syscalls and custom loaders, with detection logic and Sysmon rules for each approach.