Skip to content
View warpedatom's full-sized avatar

Block or report warpedatom

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
warpedatom/README.md

Velkris Banner

Velkris | Offensive Security & Adversary Simulation

Red Team Operations • Active Directory Exploitation • Adversary Emulation • Detection Validation


Red Team Portfolio MITRE ATT&CK LinkedIn GitHub Followers Last Commit GitHub Stars Visitor Badge


About

I’m Velkris, an offensive security practitioner focused on enterprise penetration testing, Active Directory compromise paths, adversary simulation, and detection-informed tradecraft.

My work centers on building realistic attack paths, documenting repeatable methodology, and translating offensive findings into defender-relevant outcomes. I prioritize controlled execution, clear evidence, operational discipline, and mapping offensive actions to detection opportunities.

Core areas of focus include:

  • Active Directory enumeration, exploitation, and privilege escalation
  • Kerberos abuse, credential access, and identity-driven attack paths
  • MITRE ATT&CK-aligned adversary emulation
  • Red team tooling, automation, and methodology development
  • Detection validation through Windows Event Logs, Sysmon, and telemetry review
  • Practical reporting, evidence collection, and remediation-focused documentation

Operator Philosophy

Exploit behaviors, not just vulnerabilities. Assume detection exists. Validate it. Access is not the objective — measurable security improvement is.

Adversary simulation is most valuable when it helps answer practical defensive questions:

  • Did the control prevent, detect, or miss the behavior?
  • What telemetry was generated?
  • Was the alert actionable?
  • Could the attack path be repeated, chained, or remediated?
  • What would improve resilience against similar tradecraft?

Featured Repositories

These repositories are intentionally organized around practical offensive security workflows rather than isolated CTF-style artifacts.

Current and planned content includes:

  • Active Directory attack simulations
  • Kerberoasting and AS-REP Roasting workflows
  • Credential access and lateral movement methodology
  • Privilege escalation chains
  • ATT&CK technique mapping
  • Evidence collection and reporting notes
  • Detection observations and defensive takeaways

OffsetInspect

PowerShell-based utility for inspecting offsets and supporting tradecraft research.

Areas of focus:

  • Binary and offset inspection
  • PowerShell-based operational utility development
  • Tradecraft testing support
  • Research workflows for controlled lab environments

Detection-Notes

Blue-team-aware red team research repository focused on mapping offensive actions to telemetry and detection logic.

Planned coverage:

  • Windows Event IDs
  • Sysmon telemetry
  • Attack-to-detection mapping
  • Detection gaps and visibility notes
  • Defensive validation observations
  • Lab-based control testing

Current Focus

I am currently building and refining offensive security workflows around:

  • Active Directory compromise paths
  • Kerberos abuse and ticket-based attacks
  • AD CS and certificate abuse research
  • Trust relationships and cross-domain attack paths
  • Lateral movement and remote execution tradecraft
  • GPU-accelerated password auditing with Hashcat
  • Red team automation using PowerShell, Python, and Bash
  • Detection-informed reporting and methodology documentation

MITRE ATT&CK Coverage

Techniques actively studied, practiced, or documented include:

Tactic Techniques
Credential Access OS Credential Dumping, Kerberoasting, AS-REP Roasting, Credential Theft
Discovery Account Discovery, Domain Trust Discovery, Permission Group Discovery
Privilege Escalation Abuse Elevation Control Mechanism, Domain Policy Modification, ACL Abuse
Lateral Movement Remote Services, Pass-the-Hash, Pass-the-Ticket, SMB/WinRM Execution
Persistence Account Manipulation, Additional Credentials, Certificate-Based Persistence
Defense Evasion Indicator Removal, Impair Defenses, Obfuscated Files or Information

Coverage is documented per simulation with execution notes, command context, evidence, and detection observations where applicable.


Certifications & Training

Certification / Training Status
Security+ Completed
PJPT Completed
PNPT Completed
CRTP Completed
CRTO In Progress

Planned Progression

CRTO → CPTS → OSCP → CRTE → CAPE → CRTM → OSEP → CRTO II → CETP → OSED → RET II → CCED → OSEE

Long-Term Learning Path

Phase I: Active Directory Phase II: Enterprise Penetration Testing Phase III: Red Team Operations Phase IV: Evasion, Detection, and Tradecraft Development Phase V: Exploit Development and Advanced Tooling


Core Tool Stack

Offensive Security

Kali LinuxWindows Active DirectoryBloodHoundNetExecImpacket RubeusMimikatzResponderPsExecHashcatNmapBurp Suite

Development & Automation

PowerShellPythonBashC#C GitGitHub ActionspipxvenvObsidian

Detection & Documentation

Windows Event LogsSysmonMITRE ATT&CKSigma MarkdownObsidianReporting TemplatesEvidence Tracking


Knowledge Areas

  • Active Directory enumeration and exploitation
  • Kerberos authentication and abuse primitives
  • AD CS and PKI attack surface analysis
  • ACL, DACL, and delegation abuse
  • Lateral movement and remote execution
  • Password auditing and cracking workflows
  • Detection evasion concepts in controlled lab environments
  • Windows telemetry, Sysmon, and event correlation
  • Offensive security reporting and remediation guidance
  • Red team methodology, SOPs, and repeatable workflows

Recent Activity

Automatically updated via GitHub Actions

  • Updating Active Directory attack simulations
  • Refining OffsetInspect tooling
  • Documenting detection gaps and log artifacts

Connect

LinkedIn: https://www.linkedin.com/in/perry-jared-r Portfolio: https://github.com/warpedatom/Red-Team-Portfolio Email: velkris.unicorn494@passmail.net


© 2026 Velkris — Educational Offensive Security Research | MIT Licensed
All testing is conducted in authorized, isolated, or lab-controlled environments for research, training, and professional development purposes only.

Pinned Loading

  1. OffsetInspect OffsetInspect Public

    PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling.

    PowerShell 34 5