CYPFER Offensive Practice

Offensive security insights, built to prevent attacks and improve detection.

Practical writeups on red teaming, exploitation, and attack simulation.

View all posts Subscribe to our newsletter

Red Teaming Pentesting Technical

Technical value

Realistic attack simulation validating internal, external, and web exposure.

Proactive

Identify weaknesses early and strengthen defenses before real attackers act.

Gaining foothold

Validate real-world initial access paths through exploitation and targeted phishing

Achieving objectives

Demonstrate impact against agreed goals and measure detection and response through red and purple teaming

Latest posts

April 30, 2026 • Rejean Thiboutot

Assumed Breach Engagements: When the Threat Is Custom, the Tools Should Be Too

How we engineered our own deployment infrastructure, so our team spend every hour of an engagement doing what matters: testing your security, not fighting setup logistics.

Read article

April 17, 2026 • Cedrick Picard

Before Mythos Ships, Walk Your Own Attack Paths.

Mythos will make 0days cheaper and faster. But the real risk isn't the front door; it is the misconfigured domain sitting wide open behind it and the poor detection.

Read article

April 15, 2026 • Charles F. Hamilton

Old red team tradecraft, modern attackers.

How legacy red team tradecraft is being reused by modern attackers and what it means for detection and defensive readiness.

Read article

March 31, 2026 • Marie-Eve Bergeron

Free Cloud Security Assessment

CYPFER is offering a complimentary cloud assessment focused on identifying a selection of attack paths within your cloud environment.

Read article

June 13, 2025 • Marie-Eve Bergeron

Strengthen Your Security Posture with a Detection Capability Assessment

Empower Your Blue Team with Real-Time Training and Comprehensive Threat Detection

Read article

May 1, 2025 • Martin Verreault

Cobalt Strike redirectors using AWS and Azure

One of the challenges for red team operators is to maintain their command & control (c2) infrastructure. An aspect that can be time consuming is obtaining reputable domain names to be used by c2 server.

Read article