In this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework that integrates retrieval-based models with generative AI to provide accurate and context-aware responses by storing and retrieving snippets of relevant information prior to prompting.
Citadel is a payload analysis framework that I built to enable me to review payloads prior to using them on engagements. Its inner PE parsing logic will also be reused as a core component of my future research projects.
Offensively Groovy is a repository that documents how to use Groovy scripts for post-exploitation purposes. The project explores the malicious capabilities of Groovy both on Windows and on operating systems in general.
Using an LLM to categorise Windows DLL Exports for malware analysis.
Discussing the importance of guardrails in red team implants, with some PoCs.
Organising penetration testing data for data science, analysis, and reporting.
Looking at the raw data EDRs are working from and recreating it where possible.
The Maelstrom C2 series, published at pre.empt.blog, where we discussed the internals of C2, evasion, and general implant development for red and blue.
Looking at Windows processes and how they can be used to detect nefarious activity: threads edition.