See the latest by Andy Robbins
Attack Graph Model Design Requirements and Examples
TL;DR OpenGraph makes it easy to add new nodes and edges into BloodHound, but doesn’t design...
By: Andy Robbins
Aug 1, 2025 • 34 min read
Read Post
Intune Attack Paths — Part 1 Prior Work Several people have recently produced high-quality work around Intune tradecraft. I...
By: Andy Robbins
Jan 15, 2025 • 21 min read
Read Post
Azure Key Vault Tradecraft with BARK
Brief This post details the existing and new functions in BARK that support adversarial tradecraft research...
By: Andy Robbins
Nov 20, 2024 • 8 min read
Read Post
Browserless Entra Device Code Flow
Zugspitze, Bavaria, Germany. Photo by Andrew Chiles Did you know that it is possible to perform every...
By: Andy Robbins
Mar 6, 2024 • 8 min read
Read Post
The Most Dangerous Entra Role You’ve (Probably) Never Heard Of
Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin,...
By: Andy Robbins
Feb 16, 2024 • 6 min read
Read Post
Directory.ReadWrite.All Is Not As Powerful As You Might Think
Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege,...
By: Andy Robbins
Feb 12, 2024 • 11 min read
Read Post
Microsoft Breach — What Happened? What Should Azure Admins Do?
Microsoft Breach — What Happened? What Should Azure Admins Do? On January 25, 2024, Microsoft published a blog post...
By: Andy Robbins
Feb 2, 2024 • 11 min read
Read Post
BloodHound Community Edition: A New Era
I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! What you need to know:...
By: Andy Robbins
Aug 8, 2023 • 6 min read
Read Post
There’s a new, practical way to escalate from Domain Admin to Enterprise Admin. ESC5 You’ve heard...