Author
Michelle Carter
About
Principal Security Researcher at PlatformSecurity focused on emerging technologies and attack techniques, from adversary simulation and red teaming to OSINT and threat research.
Articles by Michelle Carter
9 results
- Pentesting
SOC 2 Penetration Testing: What Auditors Expect (and How to Scope It)
SOC 2 doesn’t prescribe a single “required pen test,” but auditors do expect risk-based security testing with clear scope, evidence, and follow-through. Here’s how to scope penetration testing that supports your audit and actually reduces risk.
04/07/20266 min read - Red Team
C2 from Scratch Part 2: Server & Deployment
Routing commands through the server, building CLI and GUI operators, generating implants on-the-fly, and packaging everything with Docker.
02/19/20267 min read - Red Team
C2 from Scratch Part 1: Architecture, mTLS & Rust
A deep dive into building Avocado C2: designing the communication protocol, implementing mutual TLS, and writing a cross-platform implant in Rust.
02/17/20267 min read - Pentesting
How to Prepare for a Penetration Test
Get the most from your penetration testing engagement. A step by step guide to scope, access, contacts, and timing so your pen test delivers actionable results without surprises.
12/05/20243 min read - Red Team
Red vs Purple vs Blue Team: Which Do You Need?
Red team vs blue team vs purple team: what each does, when to use which, and how to choose. Compare offensive security, detection tuning, and when to get an assessment. Practical guide.
10/25/20244 min read - Application Security
How to Choose a Security Company (and Avoid a Checkbox Pen Test)
A practical buyer’s guide to picking a security company that finds real risk, proves impact, and helps your engineers fix it—plus red flags, must-ask questions, and a scoping checklist.
08/05/20248 min read - Red Team
The Value of Offensive Security Services
Offensive security services help you find weaknesses before attackers do. Learn how penetration testing and red teaming provide measurable security improvements.
06/20/20242 min read - Red Team
Red Teaming in Incident Response
Red teaming services are not just about finding bugs. Learn how they help train your incident response team and improve your ability to detect and contain real world attacks.
03/05/20242 min read - Pentesting
Pentesting for Startups: A Guide
Startups often put off security testing due to cost or speed. Learn why penetration testing is essential for early stage companies and how to scope a pen test that fits your budget.
01/20/20242 min read