Yay! #RedTeamTools treats me so well 🥰

I can't wait until they get me set up with my own page there, and start carrying my tool designs!

Thanks @deviantollam you're amazing 💖

https://www.redteamtools.com/

#Locksport #Lockpicking

Hey Fedi! I have the opportunity to work with @deviantollam and Red Team Tools to have my own lockpick designs and kit on their site! 🤯

If there was a modular pick kit, based on my EDC, with a suitably "Alice-like vibe", at a flexible price-point, would you be interested in it?

Here are my initial thoughts:

Alice's minimal EDC:
[ ] double-sided turning tools (S/M/L)
[ ] slim, teardrop-tipped short hook x2
[ ] sturdy gem-tipped medium hook x1
[ ] double-hump w-rake x1
[ ] tiny case

Alice's expanded EDC:
[ ] warded pick set
[ ] traveler's hook
[ ] jiggler set
[ ] common keys (like TSA007, CH751, FEO-K1)
[ ] common bypass tools (shims, bypass drivers)
[ ] prybar turning tools
[ ] larger case for expanded kit

Extras:
[ ] Deviant's "Practical Lockpicking" Book
[ ] a interchangeable core padlock (w/ easy core)
[ ] spare cores (intermediate x1, difficult x1)
[ ] KiK cylinder holder (A-clip)
[ ] blank stock for DIY tools

(everything listed above is stuff I use *constantly*, in roughly descending order)

For the picks (and some of the extras), I'd like to do skeletonized handles with laser cut designs that folx associate with me (bunny silhouettes, heart-shaped love locks, etc), because I figured other companies I won't name already have the tacticool crowd's tastes covered.

This is, of course, subject to change/tweaking as it develops, but Deviant and I are both excited to make it happen. And of course, of course, y'all know I wouldn't put my recommendation on anything that I didn't test myself and *thoroughly* approve of.

#Locksport #Lockpicking #RedTeamTools

GHOSTCREW is an AI-assisted, open-source red team toolkit designed to coordinate established penetration testing tools through conversational prompts, task trees, and structured workflows.

Its approach reflects a broader shift toward agent-supported security testing - emphasizing orchestration, repeatability, and reporting rather than fully autonomous exploitation.

For security teams, this highlights the need to understand how AI-enhanced tooling changes both testing efficiency and defensive assumptions.

How should organizations account for agent-assisted red teaming in their security strategy?

Source: https://cybersecuritynews.com/ghostcrew-red-team-toolkit/

Follow @technadu for objective infosec reporting and analysis.

#InfoSec #RedTeamTools #Pentesting #AIinCyber #ThreatModeling #OpenSourceSecurity #TechNadu

I set out to try my speed-picking tournament software I wrote a couple days ago. The goal? 20 different locks picked in under 10 minutes 😯

So, here's a video of me picking 20 locks in 5:47 😋

Plus another 9 in in 1:19 as a victory lap 😘

Aside from the locks in the victory lap, there were no more than 2 of each model of lock. 8 locks had security pins (BEST, Ace, Brinks, and some of the Masters), 2 had tubular cores (Kryptonite, American), two were warded locks, and the rest were standard.

Thanks again to #RedTeamTools and @deviantollam for some of the tools I used for this challenge (the tubular pick, warded pick, and one of the turning tools from RTT's starter set).

I'll attach the screenshot of the software with the lock times in a reply.

#Locksport #Locks #SpeedPicking

My girlfriend and I went to the park and 32 love locks followed us home. Now to sacrifice them to our polycule... bwahahaha!

Thanks again to @deviantollam at #RedTeamTools for the great gear; I used a few of your tools on this outing.

#AlicePics #Locksport #Love #Locks #Lockpicking #Locktober

My partner and I went out love lock hunting recently. We baked in the sun, but came back with 13 lucky couples.

While I was decoding a distinctive-looking combo lock, an older guy came walking across the street to us and said "Hey! what the hell are you doing to my lock?" I told him "I'm opening it, but I can lock it back up when I'm done, if you'd like". We ended up having a conversation about lockpicking, laws regarding love locks, and why it's important to get marine-safe locks if you're deploying it in a place near salt water (or other adverse conditions). I popped the lock while we were talking, and showed him how I did it.

It's the 4th from the left, with the yellow side panel 😋

#AlicePics #RedTeamTools #Locksport #Locks #LoveLocks

Sliver too mainstream? Cobalt Strike too patched? Say hello to Havoc.

@FortiGuardLabs just broke down a malicious Havoc C2 sample — and it’s bringing that open-source, post-exploitation energy with extra attitude.

Built for red teamers but abused by threat actors, this sample goes full dark mode:

• Shellcode loader in C++
• AES-encrypted payload
• XOR junk code to slow reverse engineering
• Dynamic API resolving
• LOLBin delivery via regsvr32

It’s like someone asked: “What if malware devs went full GitHub?” (never go full GitHub)

🔗 Full breakdown:
https://www.fortinet.com/blog/threat-research/dissecting-a-malicious-havoc-sample

TL;DR for blue teamers:

• Havoc ≠ harmless just because it’s open source
• Monitor regsvr32, rundll32, mshta — Havoc loves its LOLBins
• Watch for process injection + thread creation anomalies
• Memory analysis > file-based detection here
• Don’t assume your EDR is catching every beacon on port 443

Is it threat emulation or a real attack?

— Blue teamer having a full-blown identity crisis at 2am

Shoutout to @xpzhang and team for their amazing work!

#ThreatIntel #MalwareAnalysis #HavocC2 #RedTeamTools #PostExploitation #Infosec #BlueTeam #ReverseEngineering #CyberSecurity

This tool deserves the naming of a "swiss army knife".

https://github.com/lefayjey/linWinPwn

#RedteamTools

Wireless Penetration Testing Tools You Should Know 📡🔐

Wireless networks can be a critical attack surface if not properly secured. These tools are widely used in authorized lab environments to assess the strength of Wi-Fi configurations and encryption protocols.

Use cases include:
• Testing weak encryption (WEP/WPA)
• Detecting rogue access points
• Capturing and analyzing authentication handshakes
• Teaching wireless attack vectors in controlled labs

Disclaimer: This content is for educational and ethical use only. Wireless testing must only be performed on networks you own or have explicit authorization to audit.

#WirelessSecurity #WiFiPentest #CyberSecurity #InfoSec #EthicalHacking #EducationOnly #RedTeamTools #WirelessAuditing #AircrackNG #WPA2