Henrik Falk June 12, 2025
2025 Red Team Tools - C2 Frameworks, Active Directory & Network Exploitation
We're back with another roundup of our favorite red team tools—and this one's a doozy. While these tools represent just a fraction of the specialized expertise our Red Team brings to engagements, they're critical components in any arsenal when executing sophisticated offensive security operations.
bishopfox.com/blog/2025-red-team-tools-c2-frameworks-active-directory-network-exploitation
How To Part 1: Find DllBase Address from PEB in x64 Assembly
We’ll start by figuring out how to find the base address of a DLL (like kernel32.dll or user32.dll) directly from the PEB (Process Environment Block) - a structure Windows maintains internally for each process. I’ll walk through each line of the assembly code I wrote, explaining what it does, why it matters, and how I figured it out - piece by piece. If you’re also trying to understand malware development, red teaming, or AV evasion at a deeper level, this post is for you.
rootfu.in/how-to-part-1-find-dllbase-address-from-peb-in-x64-assembly
The Not So Self Deleting Executable on 24h2
When executing malware in contested territory clearing your tracks is very important. Hence the Lloyd Labs self delete technique which has had interpretations published by many researchers throughout the years. Today we explore why this doesn’t work as expected in 24H2 and how to fix it!
tkyn.dev/2025-6-8-The-Not-So-Self-Deleting-Executable-on-24h2
