Elevating security with expert offensive strategies

Adrian Novoa, a Red Team Operator here at Init1Security, has presented at LayerOne Security in Pasadena, CA, talking about Initial Access in 2026. youtube.com/watch?v=8derKdV8… #redteam
With VSCode extensions, old is becoming new again; remember that the "vsix" file type is a file NOT blocked by email filters. 😉😉
Everyone is losing their minds over the Visual Studio Code payload hitting GitHub. The research was published on @MDSecLabs' site in 2023! Red Teams have used this on assessments for ages!! Microsoft knows all of this and didn't bother to fix it!!! IT'S BEEN IN INITIAL-ACCESS FRAMEWORKS FOR YEARS!!!! mdsec.co.uk/2023/08/leveragi…
Truer words couldn't have been said. We as offensive security researchers take research to the next level: OPSEC, in-memory techniques, BOFs, stack spoofing, creative injections and payload development, EDR evasion. But sometimes the best answer for APTs is just creativity and social engineering.
Replying to @vxunderground
Get it? The joke is that malware doesn't need kernel mode access to ruin your life. It can be a...
- Steam game
- Video game mod
- E-mail appointment reminder
- VSCode solution
- VSCode plugin
- Windows Office Word file
- PowerPoint presentation
- Microsoft Excel file
- File installation script
- Outdated computer program
- E-mail attachment
- Compromised program installers
- Compromised PyPI packages
- Compromised RubyGems
- Compromised npm packages
- ISO files
- OneNote notebooks
- CHM help files
- Malicious .reg files
... BUT DO NOT TRUST AN ANTI CHEAT. IT COULD BE MALWARE
We try to research and implement great ideas from other tools and researchers in our private tooling, such as Havoc Pro or Metasploit. It's great to see them integrated into our own tools.
Apr 30
Some huge progress with Pickle C2: it can now load "modules" after compilation; they can be added at compile time or after execution! The demo here shows how I can't use inline-execute because the module was not compiled at first, but it can be loaded later! #redteam
We have released WARDEN in beta testing. If anyone wants to hammer the AI and our very meticulous prompts, please go ahead; reach out if you encounter any errors!! #redteam warden.init1security.com
A great project!! Currently in development!
Apr 20
I am back in beautiful Mexico, and with some down time here and there (when my son sleeps) I get the chance to work on a cool project that reminded me of Veil-Evasion, a framework that was big on payload generation and evasion. It is our internal tooling for @init1security, and to give some reference to Mexico I named it Nahual. Utilizing different "Gates" techniques, syscall methods, encryption and evasion methods, they can be activated with a simple flag: '--key-username "demo" --encryption aes', etc. It's a really big project that I've been wanting to tackle to solve and automate my evasion issues, and it has been a great success (sometimes): I can use full meterpreter (highly signatured) shells and Metasploit as my C2. #redteam
We added a C2 interface and it's looking solid. It can load CNA scripts similar to Cobalt Strike, but since PickleC2 is written in Python, we use a Python wrapper for them. Still a pretty nice setup. #redteam
We're working on malwareless lateral movement techniques, and what better scripts to handle these methods than Impacket? One of them is their reg[.]py script, which allows us to modify registry keys remotely and gain a semi-interactive shell. Keeping the naming convention, "regexec" is one of those tools! #redteam
A new tool in our arsenal: DotBlind, a Python script that applies sandbox evasion, anti-debug techniques, and AES and XOR encryption to compiled .NET binaries for evasion. It's looking very promising; testing with execute-assembly should be a big win, and currently dropping to disk and executing is functional. 🫡 #redteam
Excited to deliver our first Red Team workshop in Spanish for Mexico! This course is customized to provide a solid understanding of Red Teaming and to train offline LLMs for Red Team operations, while still working with C2 and following the attack chain: Initial Access techniques, Persistence, Privilege Escalation, and more! 🇲🇽 #redteam
Tokens are incredibly powerful in terms of scope and access. Get the correct one and your access becomes extraordinary. With ANIMO, we try to automate this and use a seamless approach so users can easily obtain and use these tokens. #redteam
Experimented with using WIM files as containers. Normally DISM requires admin privileges to extract them, but you can decompress a WIM byte-by-byte in C#/PowerShell by copying the correct offsets (7-Zip can create the WIM). No admin, no DISM, no wimgapi.dll, just PowerShell. It even kept the ADS stream of an LNK payload that extracts and executes via a LOLBIN. #redteam
Creative ideas, all the way!!