vault.aex.red // Rules of Engagement
This is a collection of offensive security research, training, notes, and PoCs. It exists so I can get better at what I do. Use it for good, or at least use it for learning.
The Golden Rule: Don’t Be A Tool
The tools and techniques documented here are for authorized security testing and educational research only. If you’re using this stuff to break into things you don’t own, or to cause grief for people just trying to get through their day, you’re in the wrong place.
1. Lab it up
Lots of the information here is “spicy”; it can be used to crash services, break stuff, or trigger alerts. Only use it if you understand what it does. If you break your own stuff, that’s a learning experience; if you break someone else’s, that’s a problem.
2. Permissions are everything
Red teaming is only cool when it’s consensual. If you don’t have explicit written permission, don’t touch it. If you think you’re smarter/better, remember that everything creates artifacts that can be traced back to you in some way. I don’t know of any old, retired hackers who “got away with it” and prospered well in their later years. Maybe you do.
3. “As-Is” Policy
I’m sharing these notes as I’ve written them along my offsec journey. They might be (are) messy, they might have bugs, they probably aren’t the best way to do something, and they might stop working after a Windows update. Use this info at your own risk. I’m not responsible for your actions or your broken VMs.