MrSquid

🚨 Workshop Announcement – #BSidesPrague2026 🛠 Jorge Escabias Unveiling the Obscurity: Decrypting Agent-Server Communications Learn how to intercept and decrypt agent-server traffic (HTTP, TLS, mTLS) using binary analysis & Frida—plus hands-on labs and a Sliver C2 case study.

Sunday R&D thoughts, we built a model where all our red team members have R&D time and a dedicated research team. Often, the red teamers kick over PoCs from gigs for future development to the research team to turn into more robust projects, continue to take on the project themselves or make it a joint effort. We first started using our in house implant in 2018 mainly because we couldn't control IoCs end to end inside CobaltStrike, and at the time, there was no concept of BoFs. Today, there are a few great paid options, for example, Nighthawk. If I had to do it over, I would still choose the in house route for our use case mainly for complete code control. However, your milage may vary and purchasing could be a better option. Today, the majority of our tooling is internally developed(We release a bunch of randomness here github.com/trustedsec/The… and the primary repo or via blogs). While we have access to several commercial tools like CobaltStrike, Macropack, and Shellcodepack, we prioritize our internally written tooling for engagements. The nice thing for internal red teams is you now have the option to acquire these capabilities vs. adding headcount, which is often significantly harder. This space and evasion become harder year over year, so while everyone should be able to script and code in the red team space, the speed at which they can do things in C, for example, is significantly different if their primary job role is operating effectively in target environments rather than developing capabilities. If you look at the next ten years, I expect to continue to see operator and developer roles pushing in different directions. The goal here is to keep and retain talent over a long period. People might work nights or in their free time on side projects because they love the space, but this isn't sustainable forever. People have families or different life circumstances and rebalance their priorities more healthily to sustain a career in this space and not set themselves up for burnout. Employers must recognize, understand, and plan for if they're serious about long term success.

#meetup 11: Active Directory Basic Attacks by @MrSquid25 🌍 Discord Only 📅 April 30 - 7pm 🔗 discord.gg/qX8KsJ2R?event… (@defcongroups)

¿Le has echado un ojo a los #RootedLabs? 🧐 Te traemos un resumen de las formaciones de 8 horas que tenemos disponibles. Regístrate directamente en rootedcon.com y selecciona las que prefieras. #RootedCON2024 #Formaciones #ciberseguridad

¡Abrimos el registro para las formaciones de #RootedCON2024! 😎 Tanto los #Bootcamps (3 días) como los #RootedLabs (8h) se realizarán durante los días previos al congreso. Además, el registro a cualquier Bootcamp incluye la entrada a RootedCON.  + info en rootedcon.com

Disponibles las ponencias, entrevistas y galería fotográfica de las #XVIIJornadasCCNCERT| #VJornadasESPDEFCERT 📽️Playlist de ponencias🔗youtube.com/playlist?list=… 📽️Playlist de entrevistas🔗youtube.com/watch?v=W8tyMx… 📷Galería fotográfica🔗jornadas.ccn-cert.cni.es/es/medios/gale…

Announcing enrollment for our Red Team Labs and Challenges (beta) and a FREE live class on "An Introduction to Azure Red Teaming" (cc @AlteredSecurity) redlabs.enterprisesecurity.io #Azure #RedTeam #Pentesting

🗣 Call For Papers for EuskalHack Security Congress VII is now open > If you have an innovative talk or workshop we would like to count on you > You can send us your proposal until next April > euskalhack.org/CFP/CFP_Euskal… #SecurityCongress #CFP

@iso1600_net Buenas! Aquí la tienes: github.com/MrSquid25/PPTs…

@MrSquid25 muchas gracias por el taller de esta mañana, ha sido interesantísimo. Sabes cuándo estarán disponibles las transparencias?

📆Hoy tenemos a parte del equipo en las jornadas de Ciberdefensa organizadas por @CCNCERT y apoyando a nuestro antiguo compañero @MrSquid25 🙌🏻durante su taller tras el cual los usuarios se pensarán dos veces qué protocolo están utilizando para administrar los equipos de su red💻

Seguimos en la sala 20 con la ponencia "Analyzing Logon Sessions from an Offensive Perspective", a cargo de Jorge Escabias @MrSquid25, de @BolsaBME #XVIIJornadasCCNCERT #VJornadasESPDEFCERT

En 2024 NO habrá h-c0n (comunicado oficial) hackplayers.com/2023/10/en-202…

👤 Jorge Escabias @MrSquid25 🔒 Mi primera revisión de directorio activo Más info 👉 rootedcon.com/docs/trainings…

¡Menos de dos semanas para que arranque RootedCON Valencia y, por supuesto, sus formaciones! ⚠️ ¡Ojo! Últimas plazas en algunos de nuestros RootedLabs. 📍 @ADEITUV 📅 15 de septiembre 🗳️ Inscripciones: #trainings" target="_blank" rel="nofollow noopener">rootedcon.com/rootedvlc2023-… Abrimos hilo con todos ellos 👇

Últimos días para la nueva edición de @rootedcon #Valencia y con ganas de impartir un nuevo taller sobre Directorio Activo el próximo 15 de Septiembre. Más info aquí: rootedcon.com/docs/trainings…

¡Últimos días para apuntarse a las formaciones de RootedCON Valencia! 👉 #trainings" target="_blank" rel="nofollow noopener">rootedcon.com/rootedvlc2023-… Eduardo Arriols @_Hykeos Jorge Escabías @MrSquid25 Roberto Amado @ramado78 David Meléndez @TaiksonTexas Carlos Alberca @f00bar_ y Daniel González Pablo González @pablogonzalezpe 👇

Ya queda menos para la @rootedcon #Valencia y mi taller sobre ataques en Directorio Activo con CTF incluído: rootedcon.com/docs/trainings… ¡Os espero allí!

#RootedCONValencia23 #RootedLabs 👉 Mi primera revisión de Directorio Activo con  Jorge Escabías (@MrSquid25) Podréis conocer todos los puntos necesarios para llevarla a cabo. 📜 Más información: rootedcon.com/docs/trainings… 🗳️ Inscripciones: #trainings" target="_blank" rel="nofollow noopener">rootedcon.com/rootedvlc2023-…

Patcher dll for signtool that allows signing with expired certificates github.com/namazso/MagicS…