🚀 Attention, House of Red Teamers! Ready to breathe fire into your cyber skills with some legendary training in the New Year? Here are my dragon-approved picks for your quest! 🏰 "Modern Initial Access and Evasion Tactics" by @mariuszbit - It's like mastering the secrets of King's Landing! Why? Because mgeeky is the Ned Stark of cyber: humble, approachable, and passionate. His course isn't just a learning experience; it's a journey through uncharted cyber realms where his passion and dedication shine brighter than dragon fire! 💻 @MrUn1k0d3r "Offensive Coding Weekly Workshop" - Ever wished for a friendly wizard in the realm of coding? That's Mr.Un1k0d3r for you. Approachable, not showy, and responds on Discord faster than ravens in Westeros! His live coding sessions are like watching a maester at work – pure magic and super insightful. 🔍 "Red Team Ops" by @zeropointsecltd - It's the Iron Throne of ops training! You get access to Cobalt Strike and a curriculum that's updated for life. Plus, the instructor's British charm? It's like having a cup of tea with Tyrion Lannister while learning the arts of cyber warfare. 🌟 @SEKTOR7net courses - From the moment you enroll, it's like stepping into a Citadel of learning. The authenticity and simplicity are unmatched. It's like finding the most straightforward map to navigate the complex world of cybersecurity. 🚫 Aim for Valyrian steel, not just shiny certificates. Remember, in the realm of cyber, your skills matter more than a cert for HR's eyes or a course creator's Lambo glamour. 👉 What's your training weapon of choice this year? Let's conquer the cyber realm together!

Still amazed that in 2025, I’m seeing cleartext passwords stored in user account attributes… and the guest account? Enabled, no password required. Might as well bring back ‘admin/admin’ while we’re at it.

@EmericNasi Wait… does this mean you’re dropping a special 40th edition of your Red Team Tools to celebrate? Limited release, gold-plated exploits included 😁

@kleiton0x7e @BHinfoSecurity @kleiton0x7e Can you please DM me ? I have a question regarding your CS profile blog

@BHinfoSecurity Offensive Macro course :

@BHinfoSecurity

Real talk: Wiz has had my back on red team ops more times than I can count. It’s flagged things like anonymous access on my Azure Storage account and exposed ports on VMs before they even hit my radar. This tool is seriously powerful. If your org has Wiz, leverage it it’s the unsung hero of infra security.

If I had to choose between a lifetime membership at Mar-a-Lago or joining Initial Access Guild… let’s just say, I’m not packing my golf clubs. 🏌️‍♂️📷🔥

With Azure CDN Edgio (a red team favorite) gone, Azure Front Door is now one of the techniques I use alongside other Azure features. Blue teamers, which is harder to detect: CDN with host headers or Azure Front Door? I’m planning to write a blog comparing different Azure features in terms of detection, pros, and cons would love your insights!

On vacation, sipping my morning coffee, and it hit me how lucky I am to live in an era with legends like you. Time for a big shoutout: @_RastaMouse You’re British, so let me say this in true The Gentlemen style: you’re the Mickey Pearson of red teaming—classy, strategic, and always ten steps ahead. My journey started with your Rasta HTB box, then ZeroPoint Security (Red Team Ops), your Patreon, and Red Team Ops II. Absolute top-tier inspiration. @mariuszbit You’re Polish, and let me say, Initial Access has never been so polished. Your Guild discord group made hacking feel like art. Dziękuję for making me enjoy every step of the process. @MrUn1k0d3r From Montreal—cool, humble, and understated, like the city itself. Your offensive workshop? Absolute fire. You’re like the cyber equivalent of Montreal’s bagels: unique and impossible to replicate. And of course, a big thank you to so many others I didn’t mention here—you all rock and make this community amazing. Happy holidays!

The best part of Sunday after shoveling snow? Checking your phone and realizing you’re the chosen one. Destiny calls, and it’s @mariuszbit -approved.

It was an in-house red team, not an external consulting engagement, and the activity didn’t take place in the US, so no FBI involved, haha. From what I was told, there was a major communication gap between the blue team and the red team. Usually, the blue team would reach out to the red team manager to confirm any activity before taking further action. Honestly, I didn’t believe it myself at first, but after seeing the evidence, it made sense.

@vysecurity I tried it for a day about a year ago and attempted to run Cobalt Strike on Kali ARM64, but it wasn’t successful—it didn’t seem to like ARM architecture. Ended up getting rid of it. Not sure if things have changed since then.

@reybango Don’t know the exact details, but based on my conversation with him, his infra wasn’t secure enough, and his team server got compromised. But still, that doesn’t justify why the blue team called on him.

@vysecurity Funny how this always seems to happen in the banking industry. Happened to me once—went to a branch to do WiFi testing, and next thing I know, I’m being treated like a criminal. And this was after the branch manager was notified in advance!

Even with a ‘get-out-of-jail-free’ card, the operator still got arrested. Like, what’s the point of issuing it if it doesn’t actually prevent this kind of chaos? Feels like when execs sign off, they don’t really think about the real-world consequences. This needs to change

@w3n0ga5h Amazing!!! thank you so much