Blog

Technical deep dives on physical red team hardware, attack techniques, and OPSEC.

January 8, 2026 8 min read

From Raspberry Pi to Purpose-Built: Why We Stopped Using Consumer Hardware

SD card corruption, flaky USB dongles, SSH tunnels to VPS boxes, and zero OPSEC controls. We built the Phantom and Scout because Raspberry Pis were never designed for offensive operations.

January 22, 2026 8 min read

Blacksight Phantom: Five Attack Modes in One Drop Box

A deep look at the Phantom -- NAC bypass, credential harvesting, evil twin WiFi, Bluetooth attacks, and passive recon in a single fanless device that phones home over 4G.

February 5, 2026 6 min read

Blacksight Scout: Wireless Recon Without the Laptop Bag

The Scout is a pocket-sized recon stick that enumerates every WiFi network, Bluetooth device, and probe request in range. Plug it in, walk away, and monitor from the dashboard.

February 19, 2026 8 min read

Zero-Knowledge Relay: An Exfiltration Channel We Cannot Read

How we built a WebSocket relay that forwards AES-256-GCM encrypted blobs between devices and operators without being able to decrypt, modify, or log any of it.

March 4, 2026 9 min read

Tap Mode: Bypassing 802.1X NAC with a Transparent Bridge

How Tap mode creates a transparent Layer-2 bridge to bypass 802.1X and MAB authentication, inherit VLAN assignments, and perform DTP negotiation and 802.1Q double-tagging.

March 18, 2026 10 min read

Venom Mode: Automated Credential Harvesting with Responder and mitm6

Venom mode runs Responder, LLMNR/NBT-NS poisoning, NTLM relay, IPv6 WPAD/DNS takeover via mitm6, ARP cache poisoning, and rogue DHCP -- all unattended and exfiltrating over 4G.

March 31, 2026 9 min read

Siren Mode: Evil Twin Attacks and WPA Handshake Capture at Scale

How Siren mode clones SSIDs, deploys captive portals, captures WPA/WPA2 handshakes and PMKID hashes, and runs deauthentication attacks -- all from one built-in WiFi 6 radio.

April 9, 2026 8 min read

Fang Mode: Bluetooth and BLE Attacks for Physical Engagements

BLE relay/MITM, device spoofring, GATT service fuzzing, legacy pairing exploitation, and advertisement injection -- Fang mode turns the Phantom's Bluetooth 5.2 radio into an attack platform.

April 16, 2026 7 min read

Scope Mode: Passive Recon Without Sending a Single Packet

Full PCAP recording, network asset discovery via traffic analysis, WiFi and Bluetooth enumeration -- all without transmitting. Scope mode maps the target environment silently.

April 24, 2026 7 min read

OPSEC for Physical Red Teams: Kill Switch, Self-Destruct, and Stealth Mode

Why your drop box needs a remote kill switch, cryptographic self-destruct, and a stealth mode that guarantees zero packets on the target network.

April 30, 2026 7 min read

Automated Playbooks: Chaining Attack Modes for Unattended Engagements

Define a sequence -- run Scope for 30 minutes, auto-enable Venom, exfiltrate every hour, switch to Siren after business hours. The Phantom executes it unattended.

May 1, 2026 6 min read

The Physical Pentester's Deployment Checklist

A practical checklist for physical red team engagements -- from pre-engagement recon with Scouts to Phantom deployment, mode selection, playbook configuration, and extraction.