FeliCA
Basics of FeliCA vs other NFC standards. (Japanese standard)
A security information media site covering topics such as access control systems, IC cards, facial recognition, and security gates, aimed at a safer and more secure society.
@shinobiops
Resurrecting this blog :) Happy 2026
Dumping hashes without triggering EDR
After getting annoyed with nanodump being detected, I did some searching for methods that can dump LSASS without triggering sensors. Recently I had read about a method using forensics software to do a full RAM dump.
A link to that article is here - https://pentestmag.com/bypass-lsass-dump-protection-with-ram-dump/ (commands as listed did not work, so here is a fresh post)
I decided to give this a shot, but against CrowdStrike Falcon, first downloading MAGNET RAM Capture - https://support.magnetforensics.com/s/article/Acquire-Memory-with-MAGNET-RAM-Capture
(Requires a biz email)
Armed with MAGNET RAM Capture, I was able to dump all data from RAM without triggering any CrowdStrike Falcon alerts.
Avoid setting a segment size; life was easier with all RAM dumped to a single file.
Now use Volatility! The following volatility3 command worked for me -
python3 vol.py dump.raw windows.hashdump
Go Race Condition hunting
I recently discovered the power and beauty of the built-in Go race detector -
It can be used in the following ways:
$ go test -race mypkg // to test the package
$ go run -race mysrc.go // to run the source file
$ go build -race mycmd // to build the command
$ go install -race mypkg // to install the package
It is recommended you run your project with -race and test as many code paths as possible. The detector only reports races that actually happen while the program runs, so you will find more race conditions under load. I found 5 bugs with this just this week!
P.S you will need GCC! :)
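The kind of bug -race catches, as an added example that is not from the original post: a check-then-act race on a single-use voucher, next to the mutex fix. The Voucher type and all function names are hypothetical; save it as a .go file and run it with go run -race to see the report for the racy path.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// Voucher is a constructed example type: a credit that must be redeemed once.
type Voucher struct {
	mu   sync.Mutex
	used bool
}

// RedeemRacy checks then writes with no lock; -race flags the unsynchronized access.
func (v *Voucher) RedeemRacy() bool {
	if v.used {
		return false
	}
	v.used = true
	return true
}

// RedeemSafe runs the same check-then-act inside one critical section.
func (v *Voucher) RedeemSafe() bool {
	v.mu.Lock()
	defer v.mu.Unlock()
	return v.RedeemRacy()
}

// CountWins calls redeem from n goroutines at once and returns the successes.
func CountWins(n int, redeem func() bool) int {
	var wg sync.WaitGroup
	var wins int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if redeem() {
				atomic.AddInt64(&wins, 1)
			}
		}()
	}
	wg.Wait()
	return int(atomic.LoadInt64(&wins))
}

func main() {
	fmt.Println("safe:", CountWins(100, new(Voucher).RedeemSafe), "racy:", CountWins(100, new(Voucher).RedeemRacy))
}
```

The safe path always yields exactly one winner; the racy path can yield more than one, which is the double-spend the detector points at.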
Conditional Access Policies
Ever pop MSOL creds but still can't access external resources due to access policies or MFA?
Try the MS Graph API ;) (it may lack the same controls as other resources.)
The Flipper Zero continues to be a great hacking multi-tool. Capabilities tested so far:
LF Badge Cloning
Hotel Key Cloning
Wireless Light Control
Tesla Door charger ports
D&B Arcade cards
NFC Cloning/Bank Cards
I have found the following GitHub repo to be a great source for useful files:
GitHub - djsime1/awesome-flipperzero: 🐬 A collection of awesome resources for the Flipper Zero device.
Keeping covert access equipment hidden
There are times when I would like to carry things like lockpicks, handcuff keys, and RFID bypass tools on me without drawing attention. I have found matchboxes work great for this purpose.
Additional Sneaky places
hat brim
under belt
in phone case
hidden in shoe
Think about places you are commonly searched and what is felt for; you will quickly find strategies that work best for you.
Stay tuned for more red team tips...