Your Red Team Is Proving Access. It Should Be Disrupting Adversaries.

· 11 min read
Joe Vest
Red Team Operator & Author

A red team spends three weeks crafting a novel lateral movement chain. The report is impressive — multi-stage, creative, technically sophisticated. But no real adversary operates that way, and existing detections already cover the behavior. The defensive improvements from the engagement? Zero.

This is the failure mode most red teams don't talk about: optimizing for clever access instead of adversary disruption.

Welcome to the Red Team Guide Blog

· One min read
Joe Vest
Red Team Operator & Author
James Tubberville
Red Team Operator & Author

Welcome to the Red Team Guide blog.

This is a new space for us to share red team tradecraft, tool releases, operational insights, and lessons learned from the field. While our guides cover foundational concepts and structured methodologies, this blog will be where we share timely updates, deep dives, and practical tips.

Blog Updates

· One min read
Joe Vest
Red Team Operator & Author

The Threatexpress blog maintains an active presence in search results. We've undertaken a refresh effort to clarify existing resources.

ThreatBox - Standard Attack Platform

· 7 min read
James Tubberville
Red Team Operator & Author

Security testers need a mixed set of tools. Some in the penetration testing and red teaming community argue that you shouldn't be limited to a specific set of tools. A threat can use anything they desire, right? This is true, but we are not the threat. We are part of the professional security testing community. Security testers shouldn't be limited to a specific set of tools, but downloading and using something randomly found on the internet is risky. A balance is needed. This balance is one way to separate security professionals from those who 'hack stuff.' We need a standard process to control the tools we use, one that is flexible enough to provide the capability we need while giving us some assurance about the codebase. This can be achieved through a standard attack platform.

C2 Agent Comparison (AUG2019)

· 8 min read
James Tubberville
Red Team Operator & Author

I was recently asked to perform an evaluation of multiple command and control (C2) agents. Rather than spending an exorbitant amount of time (that could be used building a custom C2) on an evaluation, I decided to perform a quick comparison of several popular C2 agents.

Clone all repos

· One min read
James Tubberville
Red Team Operator & Author

This is a short-form post resulting from conversations about single-line cloning and/or pulling of all of an organization's repos.