About
I’m Ewan Fleischmann. I build offensive tooling and run red team operations for a living, then write down what actually moved the needle so defenders can use it.
My route into security ran through research rather than IT operations. I did a PhD before security became a career, and the habits stuck: form a hypothesis, build the smallest thing that tests it, measure what the instrumentation actually shows, and distrust the result until it survives a second look. Most of offensive work, once you strip away the theatrics, is exactly that loop pointed at someone else’s controls.
I founded Redlings, a penetration testing and red team firm based in Mannheim, to do that work properly — engagements that go past a vulnerability scan and into how an adversary would actually operate inside an estate. The day job is breaking into things under contract: assumed-breach scenarios, EDR and detection evasion, custom tooling when the off-the-shelf kit gets caught. The through-line of my research is the same set of questions: where does endpoint telemetry go blind, which controls fail quietly, and what does a defender need to see to catch it next time.
This site is deliberately separate from the firm. Redlings sells engagements; this is where I think out loud about the technical work — malware development, Windows internals, the gap between what a control claims and what its logs prove. I write for people who run the defenses, not the people who sign off on them. If a piece can’t be turned into a detection idea, a telemetry check, or an architecture decision, it doesn’t belong here.
Credentials, for the people who want them: OSCP, OSCE, CISSP, and a doctorate. They’re table stakes, not the point. The work is the point.