Citadel 2.0 is a new version of my binary static analysis framework. This post looks at the new features, including the introduction of Ember 2024, a vibe-coded UI, and some new analysis features.
In a series of agentic blog posts, this is my final one exploring how agents can support ops using a C2 framework. The post looks at two examples: host triage, and LPE analysis - as well as some other use cases for agents in red teaming.
I read about MCP a while ago and had some time to build something out. In this blog, I go over a basic setup of an MCP agent which is capable of answering network based questions like where is the domain controller.
In this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework that integrates retrieval-based models with generative AI to provide accurate and context-aware responses by storing and retrieving snippets of relevant information prior to prompting.
Citadel is a payload analysis framework that I built to enable me to review payloads prior to using them on engagements. The inner PE parsing logic will also be used for future projects and will act as a core component to my research projects.
Offensively Groovy is a repository that documents how to use Groovy scripts for post-exploitation purposes. The project explores malicious capabilities of Groovy both for Windows and none-specific Operating Systems.
Using an LLM to categorise Windows DLL Exports for malware analysis.
Discussing the importance of Guardrails in red team implants with some POCs.
Organising penetration testing data for data science, analysis, and reporting.
Looking at the raw data EDRs are working from and recreating them where possible.
The Maelstrom C2 series published at pre.empt.blog where we discussed the internals of C2, evasion, and general implant development for red and blue.
Looking at Windows processes and how they can be used to detect nefarious activity: threads edition.