Services
PROGRAM DEVELOPMENT
Overview
Developing Capabilities
Expert Support
Assessments
Penetration Testing
Red Team Engagements
Purple Team Assessments
Maturity Assessments
Solutions
BloodHound Enterprise
Training
Adversary Tactics Training Courses
Red Team Operations
Tradecraft Analysis
Mac Tradecraft
Detection
Vulnerability Research for Operators
Active Directory Security Fundamentals
Private Training
Talk to us
About
ABOUT
Who We Are
Values
Team
Careers
News
Announcements
Media
Resources
Recent Posts
White Papers
Sponsored Tools
Vulnerability Acknowledgements
Datasheets
Blog
Events
Sponsored Events
Talks
Training Courses
Webinars
Contact Us
FEATURED BLOG
Introducing BloodHound 4.3 — Get Global Admin More Often
Read Post
All
Blog
Research
Solutions
Search
Blog
All Posts
12 Min Read | Jun 01
On Detection: From Tactical to Functional
In his 1931 paper “A Non-Aristotelian System and Its Necessity for Rigour in Mathematics and Physics,” Mathematician Alfred Korzybski introduced an idea that many today find helpful when dealing with [...]
16 Min Read | May 24
Beyond Procedures: Digging into the Function Call Stack
Within the cybersecurity industry, many of us have a natural inclination towards digging into technical concepts and understanding what is going on under the hood. Or, if you are like [...]
3 Min Read | May 23
FOSS BloodHound 4.3.1 release
We are excited to share the release of BloodHound version 4.3.1. We have accepted a lot of pull requests made by BloodHound users for bug fixes and cool improvements in [...]
14 Min Read | May 19
Security Distilled: Building a First-Principles Approach to Understanding Security
By Nathan Davis This body of work also appears in the form of a webinar, which can be accessed here. What is security? This is a question that struck me some time [...]
7 Min Read | May 16
From DA to EA with ESC5
There’s a new, practical way to escalate from Domain Admin to Enterprise Admin. ESC5 You’ve heard of ESC1 and ESC8. But what about ESC5? ESC5 is also known as “Vulnerable [...]
11 Min Read | May 10
C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves
— Title by ChatGPT for introducing Mythic 3.0 What is Mythic? Mythic is a plug-n-play command and control (C2) framework that heavily leverages Docker and a microservice architecture where new agents, communication [...]
8 Min Read | May 03
Exploring Impersonation through the Named Pipe Filesystem Driver
Introduction Impersonation happens often natively in Windows, however, adversaries also use it to run code in the context of another user. Recently I was researching named pipe impersonation which naturally [...]
11 Min Read | Apr 18
Introducing BloodHound 4.3 — Get Global Admin More Often
Introducing BloodHound 4.3 — Get Global Admin More Often Discover new attack paths traversing Microsoft Graph and seven new Azure Resource Manager objects. Checking out BloodHound for the first time? Here are some handy [...]
18 Min Read | Mar 29
I’d TAP That Pass
Summary: Given that: Temporary Access Passes (TAP) are enabled in the Azure AD tenantAND You have an authentication admin role in Azure AD You can assign users a short lived password [...]
1
2
3
4
5
6
7
8
NEXT
Get Started
Defend Against
Advanced Attacks
Talk to an Expert