See the latest by Chris Thompson
Updates to the MSSQLHound OpenGraph Collector for BloodHound
tl;dr: MSSQLHound, a PowerShell script that collects security information from remote MSSQL Server instances, now scans...
By: Chris Thompson
Jan 20, 2026 • 7 min read
Read Post
MSSQL and SCCM Elevation of Privilege Vulnerabilities
TL;DR: I found two privilege escalation vulnerabilities, one in MSSQL (CVE-2025-49758) and one in Microsoft Configuration...
By: Chris Thompson
Jan 15, 2026 • 16 min read
Read Post
Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM
tl;dr: Security researchers have discovered 30+ unique attack techniques targeting SCCM in the past several years,...
By: Chris Thompson
Jan 13, 2026 • 45 min read
Read Post
Adding MSSQL to BloodHound with OpenGraph
TL;DR MSSQLHound is a standalone PowerShell collector that adds 7 new nodes and 37 new MSSQL...
By: Chris Thompson
Aug 4, 2025 • 27 min read
Read Post
Do You Own Your Permissions, or Do Your Permissions Own You?
tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer...
By: Chris Thompson
Mar 26, 2025 • 8 min read
Read Post
Maestro: Abusing Intune for Lateral Movement Over C2
If I have a command and control (C2) agent on an Intune admin’s workstation, I should...
By: Chris Thompson
Oct 31, 2024 • 13 min read
Read Post
Maestro: Abusing Intune for Lateral Movement Over C2
By: Chris Thompson
Oct 31, 2024 • 13 min read
Read Post
Rooting out Risky SCCM Configs with Misconfiguration Manager
tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager. Ever...
By: Chris Thompson
Apr 11, 2024 • 4 min read
Read Post
One Site to Rule Them All tl;dr: There is no security boundary between sites in the same...