https://pre.empt.blog/ Offensive security research from pre.empt — red-team work, malware development, evasion, and Windows internals, written long-form. en Wed, 20 May 2026 20:50:36 +0000 https://pre.empt.blog/posts/static-data-exploration/ https://pre.empt.blog/posts/static-data-exploration/ Mon, 16 Jun 2025 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Exploring our dataset of malware and benign binaries to find patterns, anomalies, and generally seeing what we have. https://pre.empt.blog/posts/maelstrom-6/ https://pre.empt.blog/posts/maelstrom-6/ Thu, 18 Aug 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Endpoint Protection and Response is complicated for both offence and defence. In this blog we take a look at AMSI and ETW from both perspectives. https://pre.empt.blog/posts/maelstrom-7/ https://pre.empt.blog/posts/maelstrom-7/ Thu, 18 Aug 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Breaking down the Maelstrom DLL and Loader to identify and discuss remediations for indicators-of-compromise. https://pre.empt.blog/posts/maelstrom-3/ https://pre.empt.blog/posts/maelstrom-3/ Mon, 11 Jul 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Exploring the development of a C2 Team Server, discussing common challenges, stealth techniques, and the complexities of identifying malicious network traffic. https://pre.empt.blog/posts/maelstrom-5/ https://pre.empt.blog/posts/maelstrom-5/ Mon, 11 Jul 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Endpoint Protection and Response is complicated for both offence and defence. In this blog we take a look at Kernel Callbacks, Hooks, and Thread Call Stacks from both perspectives. https://pre.empt.blog/posts/maelstrom-4/ https://pre.empt.blog/posts/maelstrom-4/ Mon, 11 Jul 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo In this blog, we will discuss how to write a C2 implant for the modern era. We will look at the history of offensive techniques and the progress of defence. https://pre.empt.blog/posts/maelstrom-2/ https://pre.empt.blog/posts/maelstrom-2/ Mon, 13 Jun 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo A look into the design choices behind the C2, along side some design concepts to keep it stable, and the workflow smooth. https://pre.empt.blog/posts/bluffy/ https://pre.empt.blog/posts/bluffy/ Mon, 13 Jun 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Playing with AV evasion techniques by using formats such as CSS, SVG, etc. https://pre.empt.blog/posts/maelstrom-1/ https://pre.empt.blog/posts/maelstrom-1/ Mon, 13 Jun 2022 00:00:00 +0000 Brandon McGrath, Michael Ranaldo Throughout this series, we will be slowly building out a Command & Control Framework and discussing common implementation, IOCs, and TTPs.