#InfoSec Twitter has blown up over the past few days in a renewed debate over offensive security tools.
![Twitter avatar for @x0rz](https://substackcdn.com/image/twitter_name/w_96/x0rz.jpg)
![Twitter avatar for @AlecMuffett](https://substackcdn.com/image/twitter_name/w_96/AlecMuffett.jpg)
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FEMgJ-YBW4AEfb1O.png)
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FEMgJ-YQWwAAGMNH.jpg)
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FEMgJ-YQWkAER1_9.jpg)
I don’t think I have much expertise to add to the debate, except to say that as someone who plays InfoSec defense for a living, I gleaned most of my current knowledge by playing around with red team tools.
Would I publish one? Probably not, if I’m being honest. Would I feel differently about this topic if I was tasked with defending a Windows 2012 environment, that wasn’t scheduled to be patched or upgraded for months? Probably.
Playing tennis against a wall doesn’t increase your skill as fast as playing against an adversary. Personally I’m grateful for the democratization of offensive security tools as a free crash course in becoming better at my job.