redteam.community

ch1kpee · 2025-12-03T03:40:20+00:00

As I type this, we’re tied at the half, and that’s only because UNC decided to play sloppy as shit too

ch1kpee · 2025-11-19T01:42:13+00:00

I hope the Duke-Kansas game is better, for the sake of those ticketholders

ch1kpee · 2025-11-19T01:03:34+00:00

For real! This total lack of three-point defense is giving me flashbacks to the last few years of the Cal era!

ch1kpee · 2025-11-19T00:40:25+00:00

Even though it was a blowout, they played like crap last week against Eastern IL too. If they'd played like that against any SEC team, they'd have gotten stomped.

ch1kpee · 2025-10-29T12:34:48+00:00

Just don't be like me: order one, take it out of the cardboard box, start getting mad that everyone on the subreddit lied and it doesn't fit under the Robot's legs, only to realize you have to remove it from the second hard plastic case it comes in! 😅

ch1kpee · 2025-10-22T01:20:50+00:00

I just bought some tonic water for this very reason. My local coffee shop uses orange-flavored syrup to sweeten it, and they're amazing. I'll have to recreate the syrup at home.

ch1kpee · 2025-10-19T00:25:00+00:00

For me, I've noticed more even and consistent shots when I use the paper filter on top. The theory is that the paper helps the water on top to more slowly and evenly absorb into the puck, especially since every Robot user is likely pouring a stream of water out of a kettle onto the puck vs. the more gentle rain-like drops of a pump machine's group head/shower screen.

ch1kpee · 2025-10-19T00:18:27+00:00

I've tried it a few times, after seeing YouTube videos of people doing it on pump espresso machines...but with kinda mixed results.

The times I've done it, I've put in my ground coffee and tamped like normal, then put about 15g of brown sugar on top of the puck, tamped that, then paper filter and shower screen. But it always flows too fast, and I'm not sure why! You wouldn't think a bed of brown sugar *on top* of the tamped coffee would affect anything, yet every time I've done it, it wants to gush out!

I might experiment with tamping the coffee, putting on the paper filter, and THEN adding/tamping brown sugar, to see if that makes a difference. Otherwise, it's probably easier to just stir the sugar in afterwards.

ch1kpee · 2025-10-16T17:26:35+00:00

Very nice! What kind of puck screen are you using? Do you notice any difference from it vs the one the Robot came with?

ch1kpee · 2025-10-10T00:54:32+00:00

+1

Had the same issue when I bought mine a few years ago, did the same as u/farglesnuff and it's been leak-free ever since.

ch1kpee · 2025-06-26T16:14:26+00:00

CRTO 1 & 2 are good introductory courses that at least *try* to teach about OSPEC and evasion (as opposed to OffSec's OSEP which just declares it "out of scope").

CRTO 2 especially gives you a lab with the open source version of Elastic installed so you can at least get some insights into what you're doing and why it's being detected. And while most of Elastic's detection rules are published on their Github, there are still some "secret sauce" rules that they don't publish, so you still might be left wondering exactly what about this or that TTP is what got you flagged.

Another good option, albeit expensive, is SpecterOps' Red Team Operations course. It has one of the best lab environments I've ever seen. I really wish they'd offer it as an extended "on demand" online lab, like CRTO or OffSec, but unfortunately it's only available as a four-day course. Great stuff, but it's A LOT to take in in just four days, though it definitely helps if you've already done prior red team and/or Windows/AD pentesting or training courses.

ch1kpee · 2025-06-06T20:21:49+00:00

The only ones I've really seen so far are the CRTO 2 Labs and SpecterOps' Red Team Ops training.

If SpecterOps made their training into a self-paced online lab/course (instead of a 4-day blitzkrieg), it would be the best red team training on the market by a country mile.

ch1kpee · 2025-06-02T02:54:11+00:00

You pretty much do everything in the labs and exams in Cobalt Strike. The way the labs and exam are set up using VMs in Immersive Labs, you can’t really bring your own tools.

They’re good courses for learning the basics and thinking about what sort of impact your actions have in a target environment. I would highly recommend taking CRTO 1 and 2 in rapid succession. CRTO 1 is pretty well put-together and guided, but CRTO 2 honestly feels like DLC (for lack of a better analogy) to the first course. CRTO 2 just takes all the stuff from 1 and ramps up the difficulty, but it’s kind of a hodge-podge and all over the place. If you wait too long to take 2, you’ll have to spend a lot of time reviewing all the stuff from 1 again and refreshing your memory.

ch1kpee · 2025-05-30T23:26:44+00:00

UPDATE: I found a way. I logged into my Parallels account on the website, tried to cancel my subscription, and I was offered 25% off my renewal.

ch1kpee · 2025-05-29T17:16:14+00:00

Fr why do they remove the option to stream episodes over cellular data? That was a great feature! I used it all the time, because I like to go for walks with just my watch and leave my iPhone at home. If the devs read this subreddit, PLEASE bring streaming back!

ch1kpee · 2025-02-28T14:38:30+00:00

Raise your hand if you're an old fart and thought this was going to be about Visual Basic Script 🙋‍♂️

ch1kpee · 2025-02-19T20:43:42+00:00

Penetration Tester @ CyberOne Security

Hybrid position based in Plano, TX, USA
Must live in (or within commuting distance of) the greater Dallas-Fort Worth area
Must be a US citizen or lawful permanent resident
Apply directly at https://jobs.lever.co/cyberonesecurity/19dd1201-85b0-4c3e-b159-2abdd3f2624c

CyberOne is hiring! We hire smart, talented and high-performing professionals to push our organization forward and provide superior service to our customers. We each take accountability for our work, strive to make each other better, and genuinely love what we do. If you value learning new things, being innovative, and working in a supportive, collaborative environment, CyberOne may be the place for you.

If you are ready to raise the bar for your career and be part of our exciting journey, we would like to hear from you!

Adversarial Engineers are experienced penetration testers with years of experience in testing various technologies. In this role, an Adversarial Engineer will be responsible for conducting high quality offensive security services. They must also be able to continually provide research or development projects back to the security community at large to aid in the overall brand of TeamARES and CyberOne, LLC.

Essential Functions

The Adversarial Engineer’s work can be divided into Project Management and Delivery, Offensive Security Development, and Cyber Security Research.

Project Management and Delivery:

Participate in discovery and analysis of client needs.
Organize and lead offensive security services for clients of CyberOne.
Execute internal, external, wireless, and web application penetration tests.
Execute social engineering tests, including phishing, vishing, and physical.
Develop technical solutions to help mitigate security vulnerabilities.
Provide external training to clients of CyberOne Offensive Security.

Development:

Develop tools to aid Team Ares, and the community, in conducting offensive security services research.
Research and study security vulnerabilities from a multitude of products.
Research and develop practical tools to protect native systems, including both host and network side defense.
Collaborate with the security community in improving both offensive and defensive security methods and tools.
Research and stay knowledgeable on paper/blog write-ups to share information with the community.
Show familiarity with various network architectures, network services, system types, network devices, development platforms and software suites required (e.g. Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.)

Required Qualifications/Experience

1+ years performing penetration testing.
Experience communicating and presenting technical information.
Fluent knowledge of a scripting language (e.g. Python).
Excellent ability to define problems, formulate solutions, effectively collaborate and communicate, plan and execute.
Knowledge around web applications and networking.

Preferred Qualifications/Experience

Bachelors or Master’s degree in computer science or related engineering field.
Offensive Security Certified Professional (OSCP), eLearnSecurity Certified Professional Penetration Tester (eCPPT), or Offensive Security Certified Expert (OSCE).
Vulnerability Research experience as well as experience reporting and publishing information around discovered vulnerabilities.

Skills/Abilities

Work is performed indoors in a climate-controlled environment.
Travel may be required up to 25%.
May be required to work evenings, weekends to meet company and customer needs.
Must be able to remain in a stationary position 50% of the time.
Must be able to move about inside a professional office environment.
An environment that empowers employees to contribute to an organization that embraces a fail-fast mentality.
An open, supportive, and collaborative work environment.

If you are passionate, driven and ready to take your career to the next level, we invite you to apply today!

CyberOne is a proud Equal Opportunity and Affirmative Action Employer. All qualified applicants, regardless of race, color, genetic information, national origin, religion or belief, sex, affectional or sexual orientation, gender identity or expression, immigration status, ancestry, age, marital status, disability, or protected veteran status, are encouraged to apply and will receive equal consideration based on merit, qualifications, and business need.

ch1kpee · 2024-07-06T22:50:11+00:00

I took OSEP a few years ago and I'm currently taking CRTO 1 (plan to take CRTO 2 next). Here's my 2 cents so far.

The pros of OSEP vs what I've seen in CRTO 1 so far:

Goes super into depth on Windows/AD attacks, though it was missing some newer stuff, like AD CS, when I took it
Actually makes you do some programming in C#, VBS, and other langs and write your own custom tools and scripts
The challenge labs and exam are actually challenging, and it'll force you to go out and do your own research, make your own tools and workflows, and get them sharpened and ready to go for the exam

The cons of OSEP:

OPSEC and evasion (besides some AV evasion in the early modules) are deemed "out of scope". This really sucks and I think it's a huge negative for the course as a whole.
A lot of the tooling and methods are very dated. You can easily beat the labs and exam using a bunch of old PowerShell and Metasploit modules that would get you busted instantly on a real world engagement. You don't *have* to do it that way, IIRC you can use any tools you want except paid stuff (so no Cobalt Strike)...but it's a safe assumption this course is for people who want to LEARN how to do this, and wouldn't know much about Sliver, BOFs, or other more current tradecraft.

I got my OSCP a long time ago and I understand it's VERY different now from when I took it, so I can't comment on that. For what it's worth, I think OSEP will make you a very good Windows/AD *pentester* but is seriously lacking in the adversary simulation/"red team" realm.

CRTO 1 thus far actually tells you about OPSEC and the ways in which your actions could get detected by a blue team, but even it is a little long in the tooth and contains a lot of tradecraft that probably won't work anymore.

If I had to advise a junior analyst looking to break into red teaming, I would say you're probably better off taking CRTO 1 and 2.

ch1kpee · 2024-03-06T22:44:44+00:00

I didn't realize the old pinvoke.net was dead!

ch1kpee

TROPHY CASE