Cody Richard @ssstrickys

tradecraft // 0x00000800 permissions read execute

Capabilities & tooling

Active Directory

Kerberoasting, DCSync, ADCS ESC, RBCD, ACL chains, AS-REP roasting — full AD kill-chain from foothold to DA.

0x10 .activedirectory

C2 & Evasion

Cobalt Strike, Sliver, Mythic, Havoc. AMSI bypass, ETW patching, sleep masking, and callback obfuscation.

0x18 .c2

Malware Dev

Direct/indirect syscalls, API unhooking, reflective DLL injection, process hollowing, module stomping, stack spoofing, BYOVD.

0x20 .maldev

Web & API

OWASP Top 10 and deeper: SSRF, IDOR, insecure deserialization, broken access control — the flaws scanners miss.

0x28 .webapp

Cloud

Entra ID, Azure privesc, M365. AWS: IAM abuse, KMS, S3 enum, Lambda, GuardDuty bypass. GCP identity chains.

0x30 .cloud

Languages

Python, PowerShell, Bash, C#, C/C++, JavaScript. Shellcode loaders, automation pipelines, custom offensive tooling.

0x38 .languages