Notes from the offensive side. Practitioner-first.

Offensive Security Tradecraft & Research

The operator's console — copy-ready commands, tooling, payloads, jailbreaks, dark web intel, CTFs, and AI red teaming. Written and maintained by Abe Tinoco.

Enter Arsenal → Latest Intel

Flash Intelligence

Latest Briefings

Operator commentary on the security stories worth your attention. Threat briefs, breaking incidents, and what to actually do about them.

View full archive →

// Recent drops

/04 News·2024-07-20 Cyber Outage Alert: CrowdStrike Hit by Major Disruption /05 News·2023-11-30 Laundering site Sinbad seized /06 News·2023-11-02 Not my dearest Okta :(

News /01 — Latest

Threat Brief: Supply-Chain, Trusted Vendor Attack Surfaces Rising

An uptick in third-party and vendor compromises shows how attackers are targeting trust chains. Here’s what to fix right now before your partners become your breach vector.

2025-10-20 read.brief →

News /02

Threat Brief: Qantas Leak and Oracle Zero‑Day

This week’s brief focuses on two major events: a data leak impacting Qantas and dozens of other companies, and a zero‑day vulnerability exploited in Oracle’s E‑Business Suite

2025-10-15 read.brief →

News /03

SIM Farm Discovered by Federal Agents

Investigators reference organized crime and possible foreign links, but no public arrests yet.

2025-09-26 read.brief →

The Arsenal

Command Grid

Copy-ready tradecraft, tooling, and reference — organized for the operator who needs it now. Drag to explore the full kit.

01/04 clusters

01 Tradecraft & Execution

/commands

Commands

Copy-ready tradecraft

02 Tooling & Environments

Kali, Parrot, BlackArch

/labs

Labs

Practice environments

03 Offensive AI

/aiSoon

AI Red Teaming

Agentic exploitation

04 Intel & Knowledge

/exploitsSoon

CVEs / Exploits

Vuln intel

/darkwebSoon

Dark Web

Markets, OPSEC, monitoring

/ctfSoon

CTF

Writeups & competitions

/resources

Resources

Intel & frameworks

Deep Dives

Research & Tradecraft

Long-form analysis — ransomware teardowns, threat-actor profiles, and the techniques behind the headlines.

View all posts →

/01

Blog

Rules of Engagement

For Authorized Testing Only

Everything here is published for defenders, researchers, and authorized red team operators. Know the rules before you run anything.

Authorization First

Techniques and tooling are for systems you own or have explicit written permission to test. No exceptions.

Defensive Framing

Content exists so blue teams understand offense. Every attack write-up is a defense lesson in disguise.

No Operational Targets

We don't dox, we don't name live victims, and we don't provide turnkey access to anyone's infrastructure.

Responsible Disclosure

Vulnerabilities are discussed in line with coordinated disclosure norms. Patch first, publish second.

Operator

Who's Behind the Relay

Abe Tinoco

Security Engineer & Red Team Operator

Nine years deep in IT and offensive security. I build tooling, run engagements, and translate what happens on the offensive side into something defenders and operators can actually use. Redteam Relay is where that work gets written down.

role: Red Team Operator focus: Offensive AI exp: 9 yrs base: Volo, IL

References

Field Resources

The external references worth bookmarking — frameworks, databases, and payload libraries every operator returns to.

[Framework] MITRE ATT&CK ↗ [Reference] LOLBAS ↗ [Payloads] PayloadsAllTheThings ↗ [Database] CVE Database ↗ [Database] Exploit-DB ↗ [OWASP] OWASP Top 10 ↗ [CISA] CISA KEV ↗ [Bounty] HackerOne ↗

Connect

Find Redteam Relay

Follow the feed where it lives. New briefs and tradecraft drop across these channels.

↗

Threads

@redteamrelay

Operator commentary and quick takes on breaking security news.

↗

Instagram

@redteamrelay

Visual breakdowns, infographics, and behind-the-scenes from the lab.

↗

RSS Feed

/rss.xml

Every brief and deep dive, straight to your reader. No algorithm.