26-09-2025 |
Using EMBER2024 to evaluate red team implants |
As EDR detections get better and make extensive use of ML, it's important to understand what makes a sample look benign or malicious to a classifier. This blog looks at EMBER2024 and how it can be used to evaluate red team implants. |
28-06-2025 |
Citadel 2.0: Predicting Maliciousness |
Citadel 2.0 is a new version of my binary static analysis framework. This post looks at the new features, including the introduction of EMBER2024, a vibe-coded UI, and some new analysis features. |
03-06-2025 |
Exploring Agentic C2 Operations |
This is the final post in my series on agents, exploring how they can support operations through a C2 framework. The post looks at two examples, host triage and local privilege escalation (LPE) analysis, as well as some other use cases for agents in red teaming. |
28-03-2025 |
MCP: An Introduction to Agentic Op Support |
I read about MCP (the Model Context Protocol) a while ago and had some time to build something out. In this blog, I go over a basic setup of an MCP agent which is capable of answering network-based questions such as where the domain controller is. |
11-02-2025 |
From RAGs to Riches: Using LLMs and RAGs to Enhance Your Ops |
In this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research and capability development. RAG is a framework that combines retrieval with generative AI to produce accurate, context-aware responses: relevant snippets are stored in a searchable index, retrieved for a given query, and injected into the prompt before the model is called. |
15-01-2025 |
Citadel: Binary Static Analysis Framework |
Citadel is a payload analysis framework that I built to enable me to review payloads prior to using them on engagements. The PE parsing logic at its core will be reused as a component of my future research projects. |
22-10-2024 |
Offensively Groovy |
Offensively Groovy is a repository that documents how to use Groovy scripts for post-exploitation purposes. The project explores Groovy's offensive capabilities both on Windows and in an OS-agnostic context. |
01-09-2024 |
Categorising DLL Exports with an LLM |
Using an LLM to categorise Windows DLL exports for malware analysis. |
01-09-2024 |
Execution Guardrails: No One Likes Unintentional Exposure |
Discussing the importance of execution guardrails in red team implants, with some proof-of-concept implementations. |
01-09-2024 |
From Chaos to Clarity: Organizing Data With Structured Formats |
Organising penetration testing data for data science, analysis, and reporting. |
01-03-2023 |
Maelstrom: A C2 Series |
The Maelstrom C2 series, published at pre.empt.blog, in which we discussed the internals of C2, evasion, and general implant development for both red and blue teams. |
03-11-2022 |
Windows Processes, Nefarious Anomalies, and You: Threads |
Looking at Windows processes and how they can be used to detect nefarious activity: the threads edition. |