Citadel is a payload analysis framework that I built to enable me to review payloads prior to using them on engagements. Its PE parsing logic will also be reused in future projects and will act as a core component of my research work.
Offensively Groovy is a repository that documents how to use Groovy scripts for post-exploitation purposes. The project explores the offensive capabilities of Groovy, both Windows-specific and operating-system-agnostic.
Using an LLM to categorise Windows DLL Exports for malware analysis.
Discussing the importance of guardrails in red team implants, with some proof-of-concept code.
Organising penetration testing data for data science, analysis, and reporting.
Looking at the raw data EDRs are working from and recreating it where possible.
The Maelstrom C2 series, published at pre.empt.blog, where we discussed C2 internals, evasion, and general implant development for red and blue teams.
Looking at Windows processes and how they can be used to detect nefarious activity: threads edition.