
Chris Thompson
See the latest by Chris Thompson

Do You Own Your Permissions, or Do Your Permissions Own You?
tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges
Before we get started, if you’d prefer...
By: Chris Thompson
Mar 26, 2025 • 8 min read
Maestro: Abusing Intune for Lateral Movement Over C2
If I have a command and control (C2) agent on an Intune admin’s workstation, I should...
By: Chris Thompson
Oct 31, 2024 • 13 min read
Rooting out Risky SCCM Configs with Misconfiguration Manager
tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager. Ever...
By: Chris Thompson
Apr 11, 2024 • 4 min read
One Site to Rule Them All
tl;dr: There is no security boundary between sites in the same...
By: Chris Thompson
Sep 25, 2023 • 13 min read
SCCM Site Takeover via Automatic Client Push Installation
tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation. While reading SCCM Current Branch...
By: Chris Thompson
Jan 12, 2023 • 9 min read
Relaying NTLM Authentication from SCCM Clients
tl;dr: Seriously, please disable NTLM
I recently learned that you can coerce NTLM authentication from SCCM servers...
By: Chris Thompson
Jun 30, 2022 • 16 min read
Coercing NTLM Authentication from SCCM
tl;dr: Disable NTLM for Client Push Installation
When SCCM automatic site assignment and automatic client push...