Red Teamer & Security Researcher

Suleman Rehman

Offensive security professional with 4+ years in red team operations, EDR/AV evasion, and Active Directory exploitation. I build tools, break defenses, and document attack techniques that others don't talk about.

4+ Years
2 Certs
19+ Techniques
3+ Tools Built
Suleman Rehman
OSCP · CPTS · BS Cybersecurity

I break systems for a living.

I'm Suleman Rehman, a cybersecurity professional with a Bachelor's degree in Cybersecurity and 4+ years of hands-on experience in offensive security operations. I hold both OSCP (Offensive Security Certified Professional) and CPTS (Certified Penetration Testing Specialist) certifications.

My expertise centers on red team engagements, EDR and AV bypass development, Active Directory attack chains, and Windows internals. I build custom offensive tools — including Chimera, a C++17 EDR evasion framework implementing 12 MITRE ATT&CK techniques — and publish research on attack techniques that aren't documented anywhere else. Beyond offensive security, I'm the founder of Veriframe — an AI-powered GRC and compliance SaaS that automates security assessments, generates audit-ready reports across 8 frameworks (SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, NIST 800-53, QCF, and ECC-2:2024), and provides continuous cloud infrastructure monitoring with Drata-equivalent evidence collection across AWS, GCP, and Azure. Currently expanding into cloud penetration testing — bridging the gap between offensive tradecraft and the cloud-native attack surface.

When I'm not on an engagement, I'm writing about persistence vectors, reversing security products, and studying the latest Windows internals to find new attack surfaces.

Education
BS Cybersecurity
Certifications
OSCP · CPTS
Specialization
Red Team · Penetration Testing
Focus Areas
AD · Offensive Security · AI for Security

What I work with

Deep expertise across the full offensive security stack — from Windows internals to cloud attack surfaces.

🎯 Offensive Security

Penetration Tester · Red Teamer · VAPT Professional · Adversary Simulation
🛡️ EDR & AV Evasion

AMSI Bypass · ETW Patching · Syscalls · NTDLL Unhooking · Sleep Obfuscation
🏛️ Active Directory

Kerberos Attacks · DACL Abuse · ADCS · DCSync · BloodHound
🔧 Malware Development

C / C++17 · MASM · x64 Shellcode · Process Injection
☁️ Cloud Security

Azure AD / Entra · OAuth2 Abuse · Service Principals · Conditional Access
⚙️ Tools & Languages

Python · PowerShell · Rust · Cobalt Strike · Metasploit · Impacket

Credentials

OSCP
Offensive Security Certified Professional
Offensive Security · OffSec
Exploitation · Buffer Overflow · Pivoting
CPTS
Certified Penetration Testing Specialist
HackTheBox Academy
Active Directory · Web Attacks · Reporting

What I've built

Open-source tools and research published for the security community.

🔥 Chimera
v1.0 · C++17 / MASM

Windows 11 EDR/AV evasion framework implementing 12 MITRE ATT&CK techniques under a single CLI. Covers AMSI bypass, ETW patching, direct/indirect syscalls, NTDLL unhooking, process hollowing, module stomping, sleep obfuscation, call stack spoofing, and more.

EDR Bypass · AMSI · Syscalls · C++17 · MASM · T1055
☁️ az-ad-audit
v1.0 · Python

Comprehensive Azure Active Directory / Entra ID security assessment tool. Audits service principals, conditional access policies, OAuth2 app permissions, privileged identities, and misconfigurations across the full Azure AD attack surface.

Azure AD · Entra ID · OAuth2 · Python · T1078.004
🕸️ GitHubC2
v1.0 · Python

Proof-of-concept C2 framework using GitHub Gist as a covert communication channel. Implant polls a Gist for commands, executes them, and writes output back — all traffic blends with normal GitHub API calls. Low-cost, high-stealth infrastructure.

C2 · Living-off-the-Cloud · Python · T1102.001

Latest Writeups

Attack techniques, tool breakdowns, and research nobody else is writing about.


Techniques I research

Mapped to MITRE ATT&CK Enterprise framework.

T1027.011 — Sleep Obfuscation
T1055 — Process Injection
T1055.001 — DLL Injection
T1055.004 — Hollowing
T1055.014 — Heaven's Gate
T1548 — Privilege Escalation
T1562.001 — AMSI Bypass
T1562.006 — ETW Patch
T1098.001 — Shadow Creds
T1003.006 — DCSync
T1134.004 — PPID Spoof
T1134.005 — SIDHistory
T1649 — ADCS Abuse
T1556.001 — Skeleton Key
T1556.002 — Pwd Filter
T1078.004 — Cloud Accounts
T1197 — BITS Jobs
T1546.003 — WMI Persist
T1546.015 — COM Hijack
T1547.003 — Time Provider
T1547.005 — SSP
T1547.010 — Port Monitor
T1102.001 — GitHub C2

Let's connect

Open to red team consulting, research collaborations, and security discussions.

Find me on LinkedIn or explore my tools on GitHub.