All Posts (Chronological)
-
ANIMO (Azure Network Intel & Mission Ops)
“Here come’s a (New) Challenger” Azure or Entra for the new generation is a big playing field, I’ve been writing a tool for Azure Engagements the entirety of 2025, now that we enter a New Year I decided to battle…
Published
-
How to Rob a Hotel
Previously we’ve talked about banks and casinos the glossy fronts of industries built to drain us while pretending to offer safety or fortune. The game is never fair, the house always wins. But here’s another thought that’s been in the…
Published
-
How to Rob a Casino
Casinos, some view these places as something that corrupts the soul, leading individuals astray with the allure of easy money and instant gratification. Others see casinos as an escape from reality, seeking temporary relief from stress, boredom or dissatisfaction and…
Published
-
How to Rob a Bank
Yes I know the name of the post is very intriguing and you probably think I am throwing a tutorial on How to actually Rob Banks, but not really this blog comes from a story that I wanted to demonstrate…
Published
-
Playing Blue
Yes, Red Team is sexy, I’m a Red Teamer and it’s the Hype!!. Who doesn’t like the rush of being a bad guy and hacking into a Network Infrastructure while trying to be as OPSEC on a Network. I’ve known…
Published
-
CRTO Review
It’s been a while seen a recent post, and I would like to start blogging again in the Red Team category, I wanted to start this blog with a review on the CRTO course, an amazing and friendly course to…
Published
-
Fileless Malware
Turning ourselves into Ghosts “Hunting for a fileless threat can be a tedious and labor-intensive task for any analyst. It is, most often than not, extremely time-consuming and requires a significant amount of data gathering. On top of that, the…
Published
-
Playing with Hashes and Tickets
In a current event I came across an environment where cracking hashes or tickets was not required, or basically impossible, so I started doing my research to keep track on what can we do, when we only have Hashes or…
Published
-
Starting in Red Team
This is a path I would like to talk about since I was working on my own to get to where I finally am. A Jr Red Team Operator, now we all ask ourselves this question when we start, “Where…
Published
-
The Importance of Enumeration
We all love Exploitation and gaining access to a machine elevate our privileges and gain that SYSTEM, Administrator, Domain Admin Shell. It’s a rush that us as hackers love to see when we try to gain access to a box…
Published
-
A Dive on SMBEXEC
•
We all know the glorious Impacket tools, very well known in the Cybersecurity Community and hackers among us. Today I will take a look at the Impacket tools. I was recently surprised by how these tools get detected and why…
Published
-
Red Team Notes 2.0
Hi Everyone, I currently want to share a new and updated gitbook from my previous one Red Team Notes, I currently manage to categories the MITRE ATTACK Framework and mostly focused on Windows Attacks. (I wanted to add other’s but…
Published
-
Av Evasion (Revisited)
•
OK, let’s talk about AV Evasion, the first thing I should mention is “How do AV’s work?”. Let’s understand how AV’s flag,our malware in a very simple way there are 3 methods,but I will only be talking about 2. And…
Published
-
2020 (Error 404)
Error 404 So I know I have been quite inactive lately on my blog, but all in good reason, mostly practicing techniques, writing techniques, creating Demos, writing code in C++, C# and Python3. I have been quite on the move…
Published
-
Persistence Techniques
Today I will talk about persistence, the technique used by adversaries to maintain their foothold on your network. It mainly consists of techniques used by adversaries to keep access to systems across restarts, changed credentials, and other interruptions that could…
Published
-
Privilege Escalation
In today’s Episode of Red-Teaming we will talk about Privilege Escalation a valuable Technique when trying to gain higher privileges on a machine, we want to achieve this Goal because we want UNRESTRICTED access onto the machine we are targeting.…
Published
-
Execution
In my previous post I talked about capturing hashes using a variety of different methods if you noticed these methods were utilizing LOLBAS also know as Living Off The Land Binaries and Scripts (and also Libraries) but what are these…
Published
-
Capturing Hashes
So today I just wanted to write a simple post on explaining the method of Capturing Hashes (NTLM, NTLMv2, Etc). Let’s say we have access to a Victim machine but we are trying to Escalate our privileges, Maintain persistence or…
Published
-
Small Update
•
Well as of today in the current world’s situation. We are currently in Quarantine due to this Virus named COVID-19 (CoronaVirus). And I have been stuck at home just learning and reading the latest blogs and articles anything related to…
Published
-
Red Teaming
Well here it is, I am finally going for a Red Team Job (Jr) am I nervous? Yes…totally, was wondering how will I explain myself if I manage to ace this interview. I mean I have been studying the MITRE…
Published
-
DC-6 Walk-Through
And we made it people the last box of the series man what a ride learned a bunch with wordpress and other CMS, custom word-lists, enumeration and Burp awesome journey and was great to be part of this, this box…
Published
-
DC-5 Walk-Through
Another day!!, another box today I am working on DC-5 and it was great learned some awesome attacks and something so simple as “When All You Can Do Is Read” pretty informative give this one a google search, to sum…
Published
-
DC-4 Walk-Through
Uuuff Today got DC-4 done and some other stuff this awesome box is a little more work started with enumerating just 2 ports where ssh and HTTP are shown then we see a simple web-login page, that has no security…
Published
-
DC-3 Walk-Through
Ok, ok let’s get into this this Machine was awesome really into this one I was having incredibly crazy trouble with my sql injection but after some researching we can find a tool named joomblah that will take care of…
Published
-
DC-2 Walk-Through
Let us continue people!!, DC2 is here from my DC series this was pretty interesting as we needed more creativity and a little bit of guessing for how to proceed and keep on going with getting a shell, this box…
Published
-
DC-1 Walk-Through
Today we will check on the DC series from Vulnhub very great series to begin for Pen testing and to keep a fresh mind for practicing some hacking let’s begin. Started with a arp-scan to find the target box Proceeded…
Published
-
Root-This Walk-through
Another day another box, been somewhat busy with stuff, I really want to be active on my blog but my frequent changing to stuff on what to write, or what to do is killing me sometimes I do some vulnerable…
Published
-
Troll Write-Up
Let me continue with another post on another awesome and very troll machine from vulnhub it was great at the beginning then all down hill from there incredibly full of rabbit holes and lot’s of creativity to get this one…
Published
-
Goatse Write-Up
Let me start very simple so I kinda wanted to sharpen more my skill in pentesting and decided to do as many vulnhub boxes that I can on my free time, as it seems some of these old school hacks…
Published
-
Pen-test Challenge
•
So the reason I am calling this a Pentest Challenge is cause it seems that a few people new to the industry don’t understand the fact of computer security seems that the famous ‘iPhone’ is still unbreakable and looks like…
Published
-
AV Evasion
•
Let me get started that these techniques that I am writing are the most basics one’s out there I am keeping a reminder here that sometimes simplicity works and I don’t need to go the extra mile for an AV…
Published
-
OSCP Review (Another one…)
•
OSCP Passed!! Some of my thoughts on this Well after some sleepless nights, poor meals and hard work #TryHarder I am glad to say that I officially passed the OSCP challenge it was a challenge I do say really got…
Published
-
OSWP Thoughts
•
I’ve been busy lately with new attack tools, hackthebox, practical pen-test and pen-tester academy (Wow whats wrong with me) but I have been working on me OSWP (Offensive Security Wireless Professional) So without many spoilers I will mention that this…
Published
-
Buffer Overflows (Free-float FTP)
•
Finally after some hard work I managed to understand and create my first buffer overflow it has been amazing and really worth the learning of course some people might say that this is really to old school as there are…
Published
-
Dynamic Port Redirection (Meterpreter)
•
So lets say you have a shell on a machine that you gain access to over WAN (not LAN totally two different things) you’ve gain root but now you are interested in checking out the local network of your target…
Published
-
DVWA Brute Force (Hydra)
•
Today is a quick example on how to brute force a low security login form on the DVWA machine using Hydra You will need Kali Linux Hydra DVWA Burp Suite Wordlist First we need to capture the Login request with…
Published
-
Web Vulnerability
•
Well it took me a while to write my first post but I was really thinking what do I really wanted to start writing about?? what was good that I can write for my first post……SO after much thinking I…
Published
Quick Navigation
Looking for something specific? Use the category filters above or reach out for personalized security consultation.
DMCXBLUE 