Blog
All Posts
6 Min Read | Nov 14
Uncovering Window Security Events
Part 1: TelemetrySource Data is the foundation by which defense is built upon. This data can come from various telemetry sources — native logging, Endpoint Detection and Response (EDR) tools, network logging, [...]
17 Min Read | Nov 09
Certificates and Pwnage and Patches, Oh My!
This post was written by Will Schroeder and Lee Christensen. A lot has happened since we released the “Certified Pre-Owned” blog post and whitepaper in June of last year. While [...]
10 Min Read | Oct 31
The Defender’s Guide to the Windows Registry
It’s dangerous to defend the registry alone! Take this! Authors: Luke Paine & Jonathan Johnson Introduction Welcome to the Defender’s Guide. This is a series of blog posts designed to give you [...]
4 Min Read | Oct 19
Ghostwriter v3.1 Now Available
Ghostwriter v3.1 is now available! This release introduces several new features along with a host of minor improvements. This post will look at the most significant changes, starting with a [...]
14 Min Read | Oct 05
Prioritization of the Detection Engineering Backlog
Written by Joshua Prager and Emily Leidy Introduction Strategically maturing a detection engineering function requires us to divide the overall function into smaller discrete problems. One such seemingly innocuous area of [...]
18 Min Read | Sep 29
On Detection: Tactical to Functional
Part 7: Synonyms “Experience is forever in motion, ramifying and unpredictable. In order for us to know anything at all, that thing must have enduring properties. If all things flow, and [...]
5 Min Read | Sep 12
WMI Internals Part 3
Beyond COM In a previous blog post of mine — WMI Internals Part 2: Reversing a WMI Provider I walked through how the WMI architecture is foundationally built upon COM and in [...]
13 Min Read | Sep 08
On Detection: Tactical to Function
Part 6: What is a Procedure? Physical reality has structures at all levels of metric size from atoms to galaxies. Within the intermediate band of terrestrial sizes, the environment of [...]
12 Min Read | Sep 07
Get your SOCKS on with gTunnel
Get Your SOCKS on with gTunnel tl;dr Steps to setup a wicked fast SOCKS proxy with a tool called gTunnel written by hotnops Foreword First and foremost, I would like to take [...]