# Adversarial Tradecraft Research & Detection

- [RDP Exfil - The technique that works almost every time](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/rdp-exfil-the-technique-that-works-almost-every-time.md): Exfiltration of data is often, arguably, the most important stage in any Red Team engagement. But did you ever realize that one of the best-known and most exploited infiltration techniques can be abused for it?
- [Smishing Triad targets India with large scale "India Post" themed iMessage phish texts](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/smishing-traid-targets-india-with-large-scale-india-post-themed-imessage-phish-texts.md)
- [Quick Assist: Friend or Foe? How adversaries can exploit this tool and how can you defend?](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/quick-assist-friend-or-foe-how-adversaries-can-exploit-this-tool-and-how-can-you-defend.md): The blog post covers a few security risks with this tool and how you can detect malicious activity in your environment.
- [EDR Silencer - Embracing the Silence](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/edr-silencer-embracing-the-silence.md): The blog post presents a take on EDR Silencer, a hack tool that was open sourced. It also throws light on how it works and how to detect it.
- [Dissecting & Detecting Lsass Shtinkering](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/dissecting-and-detecting-lsass-shtinkering.md)
- [Detecting malicious OOB: Part 1: Hunting for OOB server - Interact.sh](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/detecting-malicious-oob-part-1-hunting-for-oob-server-interact.sh.md)
- [Abusing Windows VPN for EXFIL](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/abusing-windows-vpn-for-exfil.md)
- [Analyzing Nobelium's HTML Dropper - EnvyScout](https://blog.p1k4chu.com/security-research/adversarial-tradecraft-research-and-detection/analyzing-nobeliums-html-dropper-envyscout.md): TL;DR: In a recent incident, Nobelium (APT-29) used an HTML dropper to download a file and store it on disk.
