Red Team Operations • Active Directory Exploitation • Adversary Emulation • Detection Validation
I’m Velkris, an offensive security practitioner focused on enterprise penetration testing, Active Directory compromise paths, adversary simulation, and detection-informed tradecraft.
My work centers on building realistic attack paths, documenting repeatable methodology, and translating offensive findings into defender-relevant outcomes. I prioritize controlled execution, clear evidence, operational discipline, and mapping offensive actions to detection opportunities.
Core areas of focus include:
- Active Directory enumeration, exploitation, and privilege escalation
- Kerberos abuse, credential access, and identity-driven attack paths
- MITRE ATT&CK-aligned adversary emulation
- Red team tooling, automation, and methodology development
- Detection validation through Windows Event Logs, Sysmon, and telemetry review
- Practical reporting, evidence collection, and remediation-focused documentation
Exploit behaviors, not just vulnerabilities. Assume detection exists. Validate it. Access is not the objective — measurable security improvement is.
Adversary simulation is most valuable when it helps answer practical defensive questions:
- Did the control prevent, detect, or miss the behavior?
- What telemetry was generated?
- Was the alert actionable?
- Could the attack path be repeated, chained, or remediated?
- What would improve resilience against similar tradecraft?
These repositories are intentionally organized around practical offensive security workflows rather than isolated CTF-style artifacts.
Current and planned content includes:
- Active Directory attack simulations
- Kerberoasting and AS-REP Roasting workflows
- Credential access and lateral movement methodology
- Privilege escalation chains
- ATT&CK technique mapping
- Evidence collection and reporting notes
- Detection observations and defensive takeaways
PowerShell-based utility for inspecting offsets and supporting tradecraft research.
Areas of focus:
- Binary and offset inspection
- PowerShell-based operational utility development
- Tradecraft testing support
- Research workflows for controlled lab environments
Blue-team-aware red team research repository focused on mapping offensive actions to telemetry and detection logic.
Planned coverage:
- Windows Event IDs
- Sysmon telemetry
- Attack-to-detection mapping
- Detection gaps and visibility notes
- Defensive validation observations
- Lab-based control testing
I am currently building and refining offensive security workflows around:
- Active Directory compromise paths
- Kerberos abuse and ticket-based attacks
- AD CS and certificate abuse research
- Trust relationships and cross-domain attack paths
- Lateral movement and remote execution tradecraft
- GPU-accelerated password auditing with Hashcat
- Red team automation using PowerShell, Python, and Bash
- Detection-informed reporting and methodology documentation
Techniques actively studied, practiced, or documented include:
| Tactic | Techniques |
|---|---|
| Credential Access | OS Credential Dumping, Kerberoasting, AS-REP Roasting, Credential Theft |
| Discovery | Account Discovery, Domain Trust Discovery, Permission Group Discovery |
| Privilege Escalation | Abuse Elevation Control Mechanism, Domain Policy Modification, ACL Abuse |
| Lateral Movement | Remote Services, Pass-the-Hash, Pass-the-Ticket, SMB/WinRM Execution |
| Persistence | Account Manipulation, Additional Credentials, Certificate-Based Persistence |
| Defense Evasion | Indicator Removal, Impair Defenses, Obfuscated Files or Information |
Coverage is documented per simulation with execution notes, command context, evidence, and detection observations where applicable.
| Certification / Training | Status |
|---|---|
| Security+ | Completed |
| PJPT | Completed |
| PNPT | Completed |
| CRTP | Completed |
| CRTO | In Progress |
CRTO → CPTS → OSCP → CRTE → CAPE → CRTM → OSEP → CRTO II → CETP → OSED → RET II → CCED → OSEE
Phase I: Active Directory
Phase II: Enterprise Penetration Testing
Phase III: Red Team Operations
Phase IV: Evasion, Detection, and Tradecraft Development
Phase V: Exploit Development and Advanced Tooling
Kali Linux • Windows Active Directory • BloodHound • NetExec • Impacket
Rubeus • Mimikatz • Responder • PsExec • Hashcat • Nmap • Burp Suite
PowerShell • Python • Bash • C# • C
Git • GitHub Actions • pipx • venv • Obsidian
Windows Event Logs • Sysmon • MITRE ATT&CK • Sigma
Markdown • Obsidian • Reporting Templates • Evidence Tracking
- Active Directory enumeration and exploitation
- Kerberos authentication and abuse primitives
- AD CS and PKI attack surface analysis
- ACL, DACL, and delegation abuse
- Lateral movement and remote execution
- Password auditing and cracking workflows
- Detection evasion concepts in controlled lab environments
- Windows telemetry, Sysmon, and event correlation
- Offensive security reporting and remediation guidance
- Red team methodology, SOPs, and repeatable workflows
Automatically updated via GitHub Actions
- Updating Active Directory attack simulations
- Refining OffsetInspect tooling
- Documenting detection gaps and log artifacts
LinkedIn: https://www.linkedin.com/in/perry-jared-r Portfolio: https://github.com/warpedatom/Red-Team-Portfolio Email: velkris.unicorn494@passmail.net
© 2026 Velkris — Educational Offensive Security Research | MIT Licensed
All testing is conducted in authorized, isolated, or lab-controlled environments for research, training, and professional development purposes only.


