Navigating The Shadows
  • About This Gitbook
  • Red Team Operations
    • Initial Access
      • Webshells
        • Java (JSP) - Bring Your Own Jar
        • IIS - SOAP
      • Macro Attacks
        • Talking Documents with SpVoice COM
        • Binary File Write via Microsoft Speech API
        • Mark-Of-The-Web Bypass with 7-zip
    • Azure and O365
      • PRT Abuse from Userland with Cobalt Strike
      • Enumerate Azure AD with AzureHound from Userland
    • AWS
      • Role Abuse: SSM
    • OffSecOps
      • Arsenal Aggressor Script
  • Red Team Infrastructure
    • AWS
      • Connectionless Ansible Deployment with Terraform via SSM
  • Training
    • Operational Purple Teaming for Defenders
  • Training Reviews
    • Offensive Security
      • OSED
  • VULNERABILITY RESEARCH
    • RCE In HPE Insight Cluster Management Utility (CVE-2024-13804)
Powered by GitBook
On this page
  • Target Audience
  • About Myself
  • Other Red Team/Offsec Resources

About This Gitbook

Navigating The Shadows contains personal notes on my journey through offensive and defensive security. I write when I have time and feel like it. Sometimes I just drop links to other work.

I am not always correct. Do not treat these notes as such. I learn by doing and make certain assumptions along the way. Feel free to ping me if you have a suggestion for improvement/correction.

You are responsible for your actions. Do not use my work for malicious purposes.

Target Audience

I write these notes in first place for my own future reference. The Cybersecurity field is massive and it is often difficult to navigate and manage all the knowledge. Likely, I am not the only person struggling with this. Therefore, I decided to make my notes publicly available. May they help you in your journey as well.

About Myself

I am the Red Team Operations Lead at DXC Strikeforce. My journey in Cybersecurity started in 2017 with an ethical hacking course in college. Since then, offensive security sparked my interest and I secured an internship in the Threat and Vulnerability Management team in DXC Technology.

From there, I got into Web Application pentesting, made my way to Infra and Active Directory pentests and ended up in Red Team Operations. Along the way, I picked up some trainings and certifications, managed some internal innovation projects, organized workshops with internal blue teams and further developed my skillset with the support of my colleagues.

My philisophy is simple: The best way to completely understand a technical topic is by doing it. This is what this Gitbook is all about. Enjoy!

Other Red Team/Offsec Resources

Becoming a red teamer is a continuous journey and not a destination. Personally, I would not have made it this far without some of the great resources out there. I listed some below and will likely expand on this list in the future:

  • ired.team: Likely one of the best and most complete Red Team guides out there. It covers many basic and advanced topics on a technical level. This Gitbook inspired me to make my own documentation and contribute to the community as well!

  • SpecterOps

  • MDSec

  • OutflankNL

  • xpn's blog

  • redteamer.tips

  • RedTeamSec Reddit and Discord

  • BloudHoundGang Slack

  • Porchetta Industries Discord

  • NCCGroup

  • ...

NextInitial Access

Last updated 7 months ago

Page cover image