Welcome to the Red Team Guide Blog

· One min read
Joe Vest
Red Team Operator & Author
James Tubberville
Red Team Operator & Author

Welcome to the Red Team Guide blog.

This is a new space for us to share red team tradecraft, tool releases, operational insights, and lessons learned from the field. While our guides cover foundational concepts and structured methodologies, this blog will be where we share timely updates, deep dives, and practical tips.

Blog Updates

· One min read
Joe Vest
Red Team Operator & Author

The Threatexpress blog maintains an active presence in search results. We've undertaken a refresh effort to clarify existing resources.

ThreatBox - Standard Attack Platform

· 6 min read
James Tubberville
Red Team Operator & Author

Security testers need a mixed set of tools. Some in the penetration testing and red teaming community argue that you shouldn't be limited to a specific set of tools. A threat can use anything they desire, right? This is true, but we are not the threat. We are part of the professional security testing community. Security testers shouldn't be limited to a specific set of tools, but downloading and using something randomly found on the internet is risky. A balance is needed. This balance is one way to separate security professionals from those who 'hack stuff.' We need a standard process to control the tools we use, one that is flexible enough to provide the capability we need with some assurances around the codebase. This can be achieved through a standard attack platform.

C2 Agent Comparison (AUG2019)

· 7 min read
James Tubberville
Red Team Operator & Author

I was recently asked to perform an evaluation of multiple command and control (C2) agents. Rather than spending an exorbitant amount of time (that could be used building a custom C2) on an evaluation, I decided to perform a quick comparison of several popular C2 agents.

Clone all repos

· One min read
James Tubberville
Red Team Operator & Author

This is a short-form post resulting from conversations over single-line cloning and/or pulling of all organizational repos.

Penetration Testing Pasties

· 63 min read
James Tubberville
Red Team Operator & Author

'Pasties' started as a small file used to collect random bits of information and scripts that were common to many individual tests. Most of this is just a consolidation of publicly available information and things that Joe Vest (@joevest), Andrew Chiles (@andrewchiles), Derek Rushing, or myself (@minis_io) have found useful. Over time, additional sections, section placeholders, snippets, and links were added for "quick reference", and it has grown into quite a sizable markdown file. The more complex or longer sections will be separated into smaller, more detailed write-ups; however, we decided to drop the short and generic info for public use now. Pasties data will also eventually be formatted and added to the wiki.