Red Team

[Exploiting Application Logic to Phish Internal Mailing Lists | by Tanner | Jan, 2023 | Medium](https://medium.com/@cachemoney/exploiting-application-logic-to-phish-internal-mailing-lists-486b94fc2ef1)

gaylord M FOCker - ready to pwn your MIFARE tags – LuemmelSec – Just an admin on someone else´s computer

[Give me a browser, I’ll give you a Shell | by Rend | System Weakness](https://systemweakness.com/give-me-a-browser-ill-give-you-a-shell-de19811defa0)

Wra7h/FlavorTown: Various ways to execute shellcode

[Home Grown Red Team: Let’s Make Some OneNote Phishing Attachments | by assume-breach | Feb, 2023 | Medium](https://assume-breach.medium.com/home-grown-read-team-lets-make-some-onenote-phishing-attachments-a14f4ef6ccc4)

Offphish - Phishing revisited in 2023

[The toddler’s introduction to Heap exploitation (Part 1) | by +Ch0pin🕷️ | InfoSec Write-ups](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-part-1-515b3621e0e8)

[The toddler’s introduction to Dynamic Memory Allocation | by +Ch0pin🕷️ | InfoSec Write-ups](https://infosecwriteups.com/the-toddlers-introduction-to-dynamic-memory-allocation-300f312cd2db)

pwndbg/pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy

Linux Privilege Escalation for Beginners - YouTube

CMEPW/BypassAV: This map lists the essential techniques to bypass anti-virus and EDR

Phishing with GitHub

Maintaining persistent access in a SaaS-first world

OSCP Guide (EN) - hacking

PaulNorman01/Forensia: Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.

mhaskar/DNSKeyGen: A tool to exchange decryption keys for command and control (C2) beacons and implants through DNS records.

TODO: Training on Twitter: “#TODO: Courses is trialing out our new website, with #ReverseEngineering and #OffensiveSecurity courses available for free for a limited time! 🎉🥳 We’re testing out load balancing, content, and other bits and pieces - so all feedback is welcome! 📣 https://t.co/OXPRMcpnKt”

fkie-cad/friTap: The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.

gh0x0st/wanderer: An open-source process injection enumeration tool written in C#

namazso/linux_injector: A simple ptrace-less shared library injector for x64 Linux

frkngksl/Shoggoth: Shoggoth: Asmjit Based Polymorphic Encryptor

Practical EDR Bypass Methods in 2022 - István Tóth - YouTube

Mez0: Vulpes: Obfuscating Memory Regions with Timers

[SilentMoonwalk: Implementing a dynamic Call Stack Spoofer | CyberSecurity Blog](https://klezvirus.github.io/RedTeaming/AV_Evasion/StackSpoofing/)

Null Terminated Programming 101 - x64
Intro to x64 assembly programming and writing shellcode that does not contain any null bytes (a common constraint).

Facebook’s ‘Red Team X’ Hunts Bugs Beyond the Social Network’s Walls
Wired article discussing Facebook’s ‘Red Team X,’ whose purview is basically any tech that Facebook uses, including hardware, software, low-level firmware, cloud services, network tools, and even industrial control. It ain’t cheap having teams like this, but Red Team X, Project Zero, and the like are valuable for pushing security forward. Also, shout-out to my bud Vlad Ionescu who is quoted throughout 🙌