Marco Carolain · blog.redghostops.com · May 8 · 10 min read
SAM-EXFIL: Credential Extraction via Raw NTFS Volume Reads
As red teamers regularly operating against mature Windows environments, we frequently encounter endpoint detection and response solutions that monitor access to Windows credential hive files at the AP…

Marco Carolain · blog.redghostops.com · Apr 12 · 18 min read
RexLDR | Anatomy of a Modern Shellcode Loader: Techniques, Evidence and a Dual Perspective
90% of loaders die in the first 30 seconds. A piece of context before getting into the subject: according to Microsoft Cyber Signals 2025 telemetry, more than 90% of injection attempts…

Marco Carolain · blog.redghostops.com · Nov 6, 2025 · 6 min read
Windows Anti-Forensics: Erasing Tracks to Evade Blue Team in Red Team Ops
In red team engagements, persistence is only half the battle; evasion is the other. A single overlooked log, cached DNS entry, or recoverable deleted file can unravel an entire operation. This post det…

Marco Carolain · blog.redghostops.com · Nov 6, 2025 · 16 min read
Living in the Run Key: Practical Persistence for Red Team Ops
Description from ATT&CK: Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or sta…