Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons https://github.com/EricEsquivel/CobaltStrike-Linux-Beacon #redteam
📢 New article about GAC Hijacking to perform Code Execution and Persistence
📖 1x Playbook - A structured breakdown of the full approach
💡 3x Detection Opportunities
🏹 2x Threat Hunting Queries - Defender & Splunk
CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! https://github.com/EvilBytecode/CustomDpapi #redteam
An open-source port/reimplementation of the Cobalt Strike BOF Loader https://github.com/CodeXTF2/Cobaltstrike_BOFLoader #redteam
AppLocker Rules Abuse https://ipurple.team/2026/02/02/applocker-rules-abuse/ #purpleteam
Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP https://specterops.io/blog/2026/01/14/wait-why-is-my-webclient-started-sccm-hierarchy-takeover-via-ntlm-relay-to-ldap/ #redteam
📢 EDR Silencing
📖 1x Playbook - A structured breakdown of the full approach
💡 6x Procedures - Practical, reproducible techniques mapped to real-world operator workflows
🚨 1x Sigma Rule - To help defenders spot this activity
🎯 A compact, practical resource for detection engineers and purple team operators.
💭 Would love your thoughts.
DbgNexum - a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping) https://github.com/dis0rder0x00/DbgNexum
Ghostly Hollowing Via Tampered Syscalls https://github.com/Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 #redteam
Bind Link - EDR Tampering https://ipurple.team/2025/12/01/bind-link-edr-tampering/ #purpleteam
LSASS Dump | Windows Error Reporting https://ipurple.team/2025/11/18/lsass-dump-windows-error-reporting/ #purpleteam #purpleteaming
Active Directory Enumeration - ADWS
https://ipurple.team/2025/08/12/active-directory-enumeration-adws/ #purpleteam #ipurpleteam
BadSuccessor | Purple Team Approach #purpleteam #purpleteaming #ipurpleteam
https://ipurple.team/2025/07/28/badsuccessor/
Lateral Movement | BitLocker
https://ipurple.team/2025/08/04/lateral-movement-bitlocker/ #purpleteam
Invoke-Stealth - automate the obfuscation process of any script written in PowerShell with different techniques https://github.com/JoelGMSec/Invoke-Stealth #redteam
A situational awareness Python script to help you find where to put your beacons https://rwxstoned.github.io/2024-12-06-GimmeShelter/ #redteam
Create your own C2 using Python- Part 1 https://g3tsyst3m.github.io/c2/python/Create-your-own-C2-using-Python-Part-1/
The KEY to defeating AV part 1 https://www.youtube.com/watch?v=45-VIIKuKLU&ab_channel=hoagiehacks
Relaying Kerberos over SMB using krbrelayx https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx