# Red Team

- [Red Team OPSEC](/codexs-terminal-window/red-team/red-team-opsec.md): This page is just a collection of things I think should be done on a red team operation to hinder detection and response. Work in progress. Will be updated whenever I learn new tricks.
- [Infrastructure](/codexs-terminal-window/red-team/red-team-opsec/infrastructure.md)
- [Example Red Team Infra](/codexs-terminal-window/red-team/red-team-opsec/infrastructure/example-red-team-infra.md)
- [Cobalt Strike Redirectors](/codexs-terminal-window/red-team/red-team-opsec/infrastructure/cobalt-strike-redirectors.md): A redirector a day keeps IR away
- [Using SSH Tunneling to secure C2 infra](/codexs-terminal-window/red-team/red-team-opsec/infrastructure/using-ssh-tunneling-to-secure-c2-infra.md): Pesky AV vendors keep scanning my stuff >:C
- [Red Team Dev](/codexs-terminal-window/red-team/red-team-dev.md): Red team related dev work that doesn't directly fall under malware dev
- [Extending Havoc C2](/codexs-terminal-window/red-team/red-team-dev/extending-havoc-c2.md): Blog series where I try to explain the third party interfaces in @C5pider's Havoc C2
- [Third Party Agents](/codexs-terminal-window/red-team/red-team-dev/extending-havoc-c2/third-party-agents.md)
- [1: Understanding the interface](/codexs-terminal-window/red-team/red-team-dev/extending-havoc-c2/third-party-agents/1-understanding-the-interface.md)
- [2: Writing the agent](/codexs-terminal-window/red-team/red-team-dev/extending-havoc-c2/third-party-agents/2-writing-the-agent.md)
- [3: Writing the agent handler](/codexs-terminal-window/red-team/red-team-dev/extending-havoc-c2/third-party-agents/3-writing-the-agent-handler.md)
- [4: Testing the agent](/codexs-terminal-window/red-team/red-team-dev/extending-havoc-c2/third-party-agents/4-testing-the-agent.md)
- [Loader Dev](/codexs-terminal-window/red-team/red-team-dev/loader-dev.md): CreateRemoteThread()
- [In Memory OPSEC](/codexs-terminal-window/red-team/red-team-dev/loader-dev/in-memory-opsec.md)
- [PE Structures](/codexs-terminal-window/red-team/red-team-dev/loader-dev/in-memory-opsec/pe-structures.md)
- [Memory Permissions and Allocation Types](/codexs-terminal-window/red-team/red-team-dev/loader-dev/in-memory-opsec/memory-permissions-and-allocation-types.md)
- [In Memory Signatures](/codexs-terminal-window/red-team/red-team-dev/loader-dev/in-memory-opsec/in-memory-signatures.md)
- [Evasion Adventures](/codexs-terminal-window/red-team/red-team-dev/loader-dev/evasion-adventures.md): Talk I gave on in-memory evasion and memory OPSEC.
- [Sleep masking](/codexs-terminal-window/red-team/red-team-dev/loader-dev/sleep-masking.md): Because sometimes set sleep\_mask "true"; isn't enough
- [Mimikatz vs Windows Defender](/codexs-terminal-window/red-team/red-team-dev/loader-dev/mimikatz-vs-windows-defender.md): Ever wanted to drop Mimikatz to disk during an engagement? Probably not. Let's do it anyway!
- [Indirect syscalls](/codexs-terminal-window/red-team/red-team-dev/loader-dev/indirect-syscalls.md): Referenced from: https://www.cobaltstrike.com/blog/writing-beacon-object-files-flexible-stealthy-and-compatible/
- [Cobalt Strike](/codexs-terminal-window/red-team/cobalt-strike.md): Fire teh lazer!
- [Building custom C2 channels by hooking wininet](/codexs-terminal-window/red-team/cobalt-strike/building-custom-c2-channels-by-hooking-wininet.md): Because official specs sometimes (often) suck
- [Modifying the Sleep Mask Kit](/codexs-terminal-window/red-team/cobalt-strike/modifying-the-sleep-mask-kit.md)
- [Discord Beacon Notifications](/codexs-terminal-window/red-team/cobalt-strike/discord-beacon-notifications.md): :ping:
- [Evading Hunt-Sleeping-Beacons](/codexs-terminal-window/red-team/cobalt-strike/evading-hunt-sleeping-beacons.md): Reference: https://github.com/thefLink/Hunt-Sleeping-Beacons
- [Beacon Object Files](/codexs-terminal-window/red-team/cobalt-strike/beacon-object-files.md): No mor fork and run
- [Misc. Interesting Stuff](/codexs-terminal-window/red-team/misc.-interesting-stuff.md): This is where I put stuff that I'm too lazy to categorize
