BugsBunny mark
Identity
handleBugsBunny
nameMazen AlFaifi
since2010
$ cat ./about.md

I stress-test Windows estates and write down how they fail.

Red Teamer · Sys Admin background · Security Researcher

I'm Mazen Alfaifi - I run full-scope red team engagements and spend the rest of my time pulling Windows apart to understand why the attacks work. I came up through systems administration, so I read estates the way the people who run them do, then look for the gap between how something is supposed to behave and how it actually does.

Most of what I learn ends up here as a writeup: the setup, the technique, the OPSEC tradeoffs, and the cleanup - sanitized, reproducible, and honest about what's noisy. If it can't be reproduced from the post, it isn't finished.

$ ls ./focus

What I work on

Red Teaming

Full-scope, evasion, C2.

Active Directory

Attack paths, Kerberos.

Windows Internals

Tokens, syscalls, EDR.

Exploit Development

Primitives, memory.

Research Writeups

Field notes, reproducible.

$ grep -l "favorite" ./writeups

Selected writeups

all writeups →
01
Abusing SCCM for Domain Takeover
Active Directory · 3 min · Advanced
 02
Hunting Tokens: Impersonation Without a Shell
Windows Internals · 3 min · Advanced
 03
Direct Syscalls: Bypassing API Hooking
Windows Internals · 3 min · Advanced
$ cat ./topics

Tools & topics I write about

NTLM relay Kerberos SCCM / MECM SCCM to System BloodHound ADCS Tokens & privileges Direct syscalls Malleable C2 Kernel pool EDR evasion
$ cat ./contact
X / Twitter
@0xiMazen
GitHub
/0xMazen
Discord
0xbugsbunny