Red Teaming: A Story From the Trenches
ID: 72a353ad-fb71-519c-9faf-2cbb59a19fab
STIX ID: report--72a353ad-fb71-519c-9faf-2cbb59a19fab
Feed Name: Black Hills Infosec Blog
A red-team narrative describing how testers defeated strict Windows application allowlisting by adapting the 'SquiblyDoo' REGSVR32/scrobj technique into a custom DLL called WEvade that directly executed base64-encoded shellcode fetched from a file or web server. The operators delivered the payload using a Bash Bunny/USB to an unlocked workstation during a physical penetration test and achieved a command channel despite USB-connection detection alerts, illustrating both a technical bypass and the role of human/process weaknesses.
