Bypassing “RemoteSigned” execution policy in PowerShell

In a recent assumed breach assessment I came across an environment that enforced the PowerShell “RemoteSigned” execution policy via Group Policy. “RemoteSigned” execution policy requires that all scripts and configuration files downloaded from the Internet are digitally signed by a trusted publisher.

Read More

A quick review of my CRTL journey

After completing Sektor7’s Malware Development/Evasion track last year, I’ve decided to start 2023 with the long-awaited Red Team Ops 2 (RTO2) from Zero-Point Security, which is a prerequisite course for obtaining the Certified Red Team Lead (CRTL) certification.

Being already aware of the quality of Zero-Point Security courses after completing the RTO1 and the awesome “C2 Development in C#”, I was looking forward to seeing what rastamouse had to offer on RTO2… 👀

Read More

So, how can I get started in offensive security area?

Sometimes people ask me “how can I get started in offensive security area? (pentesting/red team)”. And I must confess that it has been quite challenging to answer that question. I would love to have a silver bullet for questions like this, but unfortunately I don’t… as we know, offensive security is a broad area, with many ramifications and particularities.

However, when thinking more about it, I could identify some points that can certainly help those who are starting in the area and that, despite being nothing new, are sometimes underestimated or even ignored.

As I’ve always repeated these same points in private messages for this kind of question, why not share them here for anyone who might be interested? 😁

Read More