Bloodhound for Blue and Purple Teams. Contribute to DefensiveOrigins/PlumHound development by creating an account on GitHub.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers - Kevin-Robertson/InveighZero

There are two big issues blueteams everywhere have: alert fatigue and a lack of coders. Read on to see how Shuffle can help..

It is easy to script analysis steps with IDAPython, but now we want to automate this analysis over, let’s say, 10,000 files. I did a quick Google and I couldn’t find a guide on how to p…

Explore cutting-edge cybersecurity research and analysis from LevelBlue Labs. Gain deep insights into emerging threats and innovative defenses

While analyzing real-world systems, memory analysts will often encounter anti-virus (AV) engines, EDRs, and similar products that, at first ...

Automate your RedELK infrastructure deployment with Ansible, streamlining your red team operations and enhancing visibility with a scalable ELK stack,…

Estimated Reading Time: 15 minutes Establishing a red team infrastructure for your operation is something you need to take care of every time, and you need to make sure it’s working without any obstacles before you begin your operation. Every time I start…

Introduction In-memory tradecraft is becoming more and more important for remaining undetected during a red team operation, with it becoming common practice for blue teams to peek in to running...

Kerberos protocol attacker

Author: Nikolaos Pantazopoulos Co-author: Stefano Antenucci (@Antelox) And in close collaboration with NCC’s RIFT. 1. Introduction Publicly discovered in late April 2020, the Team9 malware fa…

This post is Part III in a series about my experiences attacking FreeIPA. In Part I of this series, we reviewed some of the background and…

A post exploitation framework designed to operate covertly on heavily monitored environments - bats3c/shad0w