HK
Helix Kitten Security
/
ACTIVE RESEARCH LAB

Helix Kitten
Security

Offensive security research, adversary emulation, and defensive engineering. A living reference for red teamers, penetration testers, and security engineers.

Start Reading → Browse Topics

Research Domains

Core knowledge areas covering offensive and defensive security disciplines.

🏰

Active Directory Attacks & Defense

Kerberoasting, Pass-the-Hash, Golden Tickets, AD enumeration techniques, and defensive hardening strategies for enterprise environments.

Explore →
🔧

Hacking Tools

Deep dives into Nmap, Metasploit, Burp Suite, Wireshark, John the Ripper, and the broader offensive toolkit landscape.

Explore →
🛡

MITRE ATT&CK Framework

Mapping adversary behavior across tactics from Initial Access through Exfiltration, with real-world technique references.

Explore →
📋

Pentest Methodologies

OWASP Testing Guide, PTES, OSSTMM, bug bounty workflows, and professional reporting standards for engagements.

Explore →
🌐

Cybersecurity Domains

Network security, application security, cloud security, incident response, and threat intelligence fundamentals.

Explore →

Quick Reference

Essential security concepts for practitioners at every level.

A zero-day vulnerability is a software security flaw unknown to the vendor or developer. The term "zero-day" refers to the fact that the developer has had zero days to fix the issue since it was not previously known. These vulnerabilities are highly valued by attackers and on exploit markets because no patch exists. Defense involves layered security, behavioral detection, and rapid incident response capabilities. Notable examples include EternalBlue (CVE-2017-0144) and Log4Shell (CVE-2021-44228).
Common Vulnerabilities and Exposures (CVE) is a standardized identifier system for publicly known security flaws. Each CVE entry includes an ID (e.g., CVE-2024-1234), a description, and references. The Common Vulnerability Scoring System (CVSS) rates severity from 0.0 to 10.0 across metrics like Attack Vector, Attack Complexity, Privileges Required, and Impact. Scores of 9.0+ are considered Critical. Security teams use CVE databases (NVD, MITRE) for vulnerability management and patch prioritization.
Red Team simulates real-world adversaries to test an organization's defenses through offensive operations including social engineering, exploitation, and lateral movement. Blue Team focuses on defensive operations: monitoring, detection, incident response, and hardening. Purple Team bridges both by facilitating collaboration between red and blue, ensuring attack simulations directly improve detection capabilities. Modern security programs leverage all three for a comprehensive security posture through continuous adversary emulation exercises.
The most prevalent attack vectors include: Phishing (spear phishing emails with malicious attachments or credential harvesting links), Exposed Services (unpatched web applications, RDP, SSH, VPN endpoints), Supply Chain (compromised third-party software or dependencies), Credential Abuse (password spraying, credential stuffing from data breaches), and Insider Threats (malicious or negligent insiders with legitimate access). Understanding these vectors is foundational for both penetration testing scoping and defensive architecture.
NIST Cybersecurity Framework organizes security into five functions: Identify, Protect, Detect, Respond, Recover. ISO 27001 provides requirements for an Information Security Management System (ISMS) with Annex A controls. CIS Controls offer a prioritized set of 18 security actions mapped to common attack patterns. MITRE ATT&CK catalogs adversary tactics and techniques based on real-world observations. These frameworks are complementary — organizations often map between them for comprehensive coverage across governance, operations, and technical controls.

Example: Nmap Reconnaissance

A typical network discovery and service enumeration scan.

bash 
# Network discovery and aggressive service scan
$ nmap -sC -sV -A -T4 192.168.1.0/24

Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 192.168.1.10
Host is up (0.0032s latency).

PORT     STATE SERVICE       VERSION
22/tcp   open  ssh           OpenSSH 8.9p1
80/tcp   open  http          Apache httpd 2.4.54
443/tcp  open  ssl/https     nginx 1.24.0
3389/tcp open  ms-wbt-server Microsoft Terminal Services
8080/tcp open  http-proxy    Squid 5.7

# NSE script results
| http-title: Corporate Intranet Portal
| ssl-cert: Subject: CN=corp.example.com
| smb-os-discovery: Windows Server 2019 Build 17763

Nmap done: 256 IP addresses (12 hosts up) scanned in 48.32 seconds

Live Terminal

Interactive framework initialization sequence.

helix@kitten:~
0
Techniques Documented
0
Tools Cataloged
0
Attack Paths Mapped