The OFFCEPT Blog
Technical research and operational intelligence from certified operators. Red team tradecraft, adversary TTPs, detection engineering, and offensive security strategy — written by the people running the engagements.
Active Directory Attack Paths: What Red Teamers Find Every Time
The same misconfigurations appear in almost every AD environment we test. Here are the attack paths we find repeatedly — and the controls that stop them.
The Human Element: Why Social Engineering Still Works in 2025
Despite billions spent on security awareness training, social engineering success rates remain stubbornly high. We look at why — and what actually changes behaviour.
MITRE ATT&CK v15: What Changed and How to Apply It
ATT&CK v15 introduced updates to data sources, detections, and sub-techniques. We break down what changed and how to incorporate it into your programme.
Cloud Penetration Testing: The Misconfigurations That Matter
Cloud environments are not inherently more secure — they're just misconfigured differently. Here are the findings we see most often in AWS, Azure, and GCP.
Building a Detection Engineering Program After Your First Red Team
Your first red team surfaced significant detection gaps. Here is a structured approach to building detection engineering capability that closes them systematically.
Cobalt Strike Alternatives: What Threat Actors Are Using Now
As Cobalt Strike signatures become widely detected, threat actors have shifted. We examine Brute Ratel, Havoc, and custom implants in real engagements.
