
Blog


Research & Tradecraft

This One Weird Trick: Multi-Prompt LLM Jailbreaks (Safeguards Hate It!)

TL;DR: Using multiple prompts within the context of a conversation with an LLM can lead to...

By: Max Andreacchi
Sep 5, 2025 • 13 min read

BloodHound

BloodHound Operator: The Six Degrees Of Master Yoda

A Technical Dive Into BloodHound OpenGraph With BloodHound Operator & Master Yoda… TL;DR: The latest version...

By: SadProcessor
Sep 4, 2025 • 17 min read

Research & Tradecraft

Dough No! Revisiting Cookie Theft

TL;DR Chromium based browsers have shifted from using the user’s Data Protection API (DPAPI) master key...

By: Andrew Gomez
Aug 27, 2025 • 15 min read

Research & Tradecraft

Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP

TL;DR When operating out of a ceded access or phishing payload with no credential material, you...

By: Logan Goins
Aug 22, 2025 • 13 min read

Research & Tradecraft

Transforming Red Team Ops with Mythic’s Hidden Gems: Browser Scripting

TL;DR Mythic’s browser scripting provides tons of flexibility that operators can tailor to their unique needs...

By: Alexander K. DeMine
Aug 21, 2025 • 30 min read

Research & Tradecraft

ARM-ed and Dangerous: Dylib Injection on macOS 

Modern Dylib Injection Techniques for AArch64 macOS TL;DR This post details how I extended the Mythic...

By: West Shepherd
Aug 21, 2025 • 24 min read

Research & Tradecraft

Will WebClient Start

TL;DR WebClient is a commonly targeted service for NTLM relay attacks. In this post we will...

By: Steven Flores
Aug 19, 2025 • 31 min read

Blog

Pantheon Introduction: A Guide and Script Collection for Mythic Eventing

TL;DR Mythic Eventing automates repetitive tasks during red team operations (RTO). This blog documents the eventing...

By: Gavin Kramer
Aug 15, 2025 • 9 min read

Research & Tradecraft

Juicing ntds.dit Files to the Last Drop

TL;DR Several new Active Directory offline attack capabilities have recently been added to the DSInternals PowerShell module....

By: Michael Grafnetter
Aug 14, 2025 • 11 min read