Chris Shields

@r00t0v3rr1d3.bsky.social

Red Team

39 Followers  |  60 Following  |  3 Posts  |  Joined: 15.11.2024  |  1.4372

Latest posts by r00t0v3rr1d3.bsky.social on Bluesky

Sir, this is a Wendy’s.

16.07.2025 13:36 — 👍 0    🔁 0    💬 1    📌 0

[BLOG]
Integrating Tradecraft Garden PIC loaders into Cobalt Strike
rastamouse.me/harvesting-t...

08.06.2025 01:43 — 👍 9    🔁 5    💬 0    📌 1

This is all part of a broader arch. Advocate for research as a public good, advocate for researchers, and don't let others' short-sighted self-interest & lack of imagination create a situation that only benefits them. How? Offer a win-win vision that honors (what were once) shared values. ...

05.06.2025 14:36 — 👍 4    🔁 2    💬 0    📌 0

It's also a way to continue to encourage pyramid of pain thinking in the industry. Chase the behaviors. Chase the tradecraft. Sort by most popular tool, write the 100th signature for an already signatured detection surface, doesn't yield gains--makes a lazy blog post on a slow day, but not progress

05.06.2025 14:36 — 👍 2    🔁 2    💬 1    📌 0

Planting a Tradecraft Garden

aff-wg.org/2025/06/04/p...

04.06.2025 20:25 — 👍 4    🔁 2    💬 0    📌 0

And, what of Breach Intel? A culture that values ground truth and sober/blameless discussion. A focus on root causes, contributing factors, and actionable remediations... not sensationalized tool/actor porn. It's possible:

www.cisa.gov/news-events/...

I think of it as an umbrella ideal.

02.04.2025 15:39 — 👍 1    🔁 1    💬 1    📌 0

I made predictions in 2019 at my last talk. A keynote lamenting things were going in a VERY bad direction for hackers. This climate continues. I'm trying steps to influence these trends too. Easier as a ghost more removed from these trends vs. someone being crushed by them

H/T x.com/edskoudis/st...

02.04.2025 15:39 — 👍 2    🔁 1    💬 1    📌 0
Fileless lateral movement with trapped COM objects | IBM New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...

25.03.2025 21:21 — 👍 16    🔁 11    💬 0    📌 1

All these people thinking anything is actually “deleted” when you tell them to…re 23andme. Ha.

24.03.2025 17:38 — 👍 0    🔁 0    💬 0    📌 0

GitHub - Cryakl/Ultimate-RAT-Collection: For educational purposes only, exhaustive samples of 450+ classic/modern trojan builders including screenshots.

Someone has done an excellent job collecting RATs and documenting them by version. They also included images.

A+ work. This is amazing (we're going to ingest this eventually)

github.com/Cryakl/Ultim...

22.03.2025 17:25 — 👍 47    🔁 18    💬 0    📌 1
Bypassing Windows Defender Application Control with Loki C2 Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.

Reposting here so people don’t have to go..there. “Loki C2 blog drop”. All credit to Bobby Cook (0xBoku), I’m just relaying.

securityintelligence.com/x-force/bypa...

18.03.2025 18:17 — 👍 0    🔁 0    💬 0    📌 0

Dig through this timeline and you'll figure out what I'm here to do. I spoke to a commercial leader in the offensive security space last year. My words: you're fucking it up.

What I didn't say: I feel compelled, even though I DON'T want the bullshit, to try and fix it.

What does all of this mean?

15.03.2025 03:57 — 👍 24    🔁 10    💬 2    📌 4

By the way, who thinks about what does and doesn't work (and why)? Security researchers. Red teams. That's our message. And, when you vilify us, you kick us out of the conversation because we have to protect ourselves too. And, this vilification has gone on for a long damned time.

15.03.2025 03:57 — 👍 9    🔁 3    💬 1    📌 0

Imagine a discipline called Breach Intelligence. Instead of describing breaches as tools+actors, we use root-cause analysis to dissect the attack path, identify contrib factor issues, and their mitigations. And, aggregate data about which compensating controls (security products) failed

15.03.2025 03:57 — 👍 8    🔁 2    💬 1    📌 0

The Security Conversation - The value of offensive security work is fully realized by participation in the security conversation.

aff-wg.org/2025/03/13/t...

14.03.2025 02:51 — 👍 11    🔁 5    💬 0    📌 1
Abusing DNS, Part 1: How does DNS do what it do? DNS is one of the protocols that make the internet possible. In many ways DNS is the phone book of the internet. DNS turns the domain you are trying to get to into the IP address your computer needs t...

Kicking off a new blog series. We will be exploring and abusing DNS by building a key/value store.

www.offensivecontext.com/abusing-dns-...

20.02.2025 19:52 — 👍 1    🔁 1    💬 0    📌 2