> whoami

Offensive Security.
Red Team Operations.
Applied Adversary Simulation.

OSCP-certified offensive security specialist focused on red teaming, exploit development, and advanced penetration testing methodologies.

View ProjectsContact

About Me

I'm an OSCP-certified offensive security specialist with extensive experience in red team operations, penetration testing, and exploit development. My work focuses on identifying and exploiting vulnerabilities in enterprise environments to help organizations strengthen their security posture.

Specializing in Active Directory exploitation, custom tooling development, and evasion techniques, I approach security assessments with an adversarial mindset. From initial reconnaissance to data exfiltration, I simulate real-world attack scenarios to provide comprehensive security insights.

My expertise spans the full attack lifecycle including network enumeration, web application exploitation, privilege escalation, lateral movement, AV/EDR evasion, and persistence mechanisms. I develop custom tools and exploits to tackle unique security challenges.

Technical Skills

Nmap
Reconnaissance
Burp Suite
Web Security
Metasploit
Exploitation
BloodHound
AD Enumeration
Python
Scripting
Bash
Scripting
C#
Exploitation
PowerShell
Post-Exploitation
Cobalt Strike
Red Teaming
Neo4j
Data Analysis
Active Directory
Infrastructure
Linux/Windows
Operating Systems

Featured Projects

A collection of offensive security tools, research projects, and custom exploits developed for red team operations and penetration testing.

PE Injector Framework
Red Team Tools
Advanced portable executable injection framework with multiple injection techniques including Process Hollowing, Thread Hijacking, and APC Queue injection. Implements syscall obfuscation and in-memory execution for AV/EDR evasion.
C#PE InjectionEDR EvasionOffensive
View on GitHub
Crypto Miner Loader Research
Research
Research project analyzing cryptocurrency mining malware deployment techniques, loader obfuscation methods, and persistence mechanisms. Documented common TTP's used in real-world campaigns.
Malware AnalysisResearchReverse Engineering
View on GitHub
WiFi Handshake Capture Tool
Network Tools
Automated wireless security assessment tool for capturing WPA/WPA2 handshakes, performing deauth attacks, and brute-force analysis. Features wordlist optimization and hash cracking integration.
PythonWiFi SecurityPenetration Testing
View on GitHub
Active Directory Attack Toolkit
Red Team Tools
Comprehensive toolkit for AD enumeration, credential harvesting, and lateral movement. Includes Kerberoasting, AS-REP roasting, DCSync, and Golden Ticket attack implementations with OPSEC considerations.
PowerShellActive DirectoryPost-Exploitation
View on GitHub
Custom C2 Framework
Red Team Tools
Lightweight command and control framework with encrypted communications, modular payload system, and anti-forensics capabilities. Built for red team operations with minimal footprint.
PythonC2Red TeamingEncryption
View on GitHub
Web Application Fuzzer
Web Security Tools
High-performance web application security scanner with SQL injection, XSS, and command injection detection. Features intelligent payload generation and false positive reduction.
PythonWeb SecurityFuzzingOWASP
View on GitHub
OSCP Lab Exploits
OSCP Lab Exploits
Collection of custom exploits and methodologies developed during OSCP preparation. Includes buffer overflow exploits, privilege escalation scripts, and enumeration automation.
PythonBashExploitationOSCP
View on GitHub
Shellcode Crypter
Red Team Tools
Multi-stage shellcode encryption and obfuscation tool supporting AES, XOR, and custom encryption schemes. Includes loader generation with syscall evasion and anti-debugging techniques.
CAssemblyCryptographyEvasion
View on GitHub
Network Pivot Automation
Network Tools
Automated pivoting and tunneling framework for internal network assessments. Supports multiple protocols, dynamic port forwarding, and SOCKS proxy chains for lateral movement.
PythonNetworkingPivotingTunneling
View on GitHub

Red Team Capabilities

Comprehensive offensive security capabilities across the complete attack lifecycle, from initial reconnaissance to post-exploitation.

Recon & Enumeration

  • Network mapping and service discovery
  • OSINT and information gathering
  • DNS enumeration and subdomain discovery
  • Web application reconnaissance

Initial Access

  • Phishing and social engineering
  • Public-facing application exploitation
  • Password spraying and credential stuffing
  • Drive-by compromise and watering holes

Privilege Escalation

  • Windows and Linux privilege escalation
  • Exploiting misconfigurations
  • Kernel exploits and driver vulnerabilities
  • Token impersonation and privilege abuse

Lateral Movement

  • Pass-the-Hash and Pass-the-Ticket attacks
  • WMI and DCOM lateral movement
  • Remote service exploitation
  • Kerberoasting and AS-REP roasting

AV/EDR Evasion

  • In-memory execution and fileless attacks
  • Process injection and hollowing
  • Syscall obfuscation
  • Signature and heuristic evasion

Data Exfiltration

  • Covert channel communications
  • DNS tunneling and ICMP exfiltration
  • Encrypted data transfer
  • Cloud storage abuse

Persistence

  • Registry and scheduled task persistence
  • Service and DLL hijacking
  • WMI event subscriptions
  • Golden Ticket and skeleton keys

Reporting & Documentation

  • Detailed technical writeups
  • Executive summaries and risk analysis
  • Remediation recommendations
  • Attack path visualization

Get In Touch

Interested in collaboration, security consulting, or red team assessments? Let's connect.

Send a Message
Fill out the form below and I'll get back to you as soon as possible.
PGP Public Key
For secure communications, encrypt your messages using my PGP key.
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGXxXXXBEADXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX
xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX
xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX
... [Contact me for full PGP key] ...

-----END PGP PUBLIC KEY BLOCK-----
Connect
Find me on these platforms
GitHubLinkedInEmail

© 2025 ElliotSop. Built with Next.js and Tailwind CSS.