Early bird registration for SO-CON 2026 is now open!  Register Now
blog category

Research & Tradecraft

image for The Renaissance of NTLM Relay Attacks: Everything You Need to Know

Research & Tradecraft

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it...

By: Elad Shamir
Apr 8, 2025 • 40 min read
Read Post
image for An Evening with Claude (Code)

Research & Tradecraft

An Evening with Claude (Code)

TL;DR – A new vulnerability was found one evening in Claude Code (CVE-2025-64755). I’d love to...

By: Adam Chester
Nov 21, 2025 • 17 min read
Read Post
image for SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

Research & Tradecraft

SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

TL;DR SCCM sites (prior to KB35360093) integrated with Entra ID can be abused to compromise the...

By: Garrett Foster
Nov 19, 2025 • 17 min read
Read Post
image for Unpacking the AAD Broker LocalState Cache

Research & Tradecraft

Unpacking the AAD Broker LocalState Cache

TL;DR: This post documents the AAD Broker’s storage format, how to unpack it, and discusses potential...

By: Jack Ullrich
Nov 3, 2025 • 16 min read
Read Post
image for AdminSDHolder: Misconceptions, Misconfigurations, and Myths

Research & Tradecraft

AdminSDHolder: Misconceptions, Misconfigurations, and Myths

TL;DR: This blog is the brief version. I love delving into ancient history. The Fall of...

By: Jim Sykora
Oct 31, 2025 • 4 min read
Read Post
image for Catching Credential Guard Off Guard

Research & Tradecraft

Catching Credential Guard Off Guard

TL;DR Due to new security features in Windows and the lack of existing research, we set...

By: Valdemar Carøe
Oct 23, 2025 • 36 min read
Read Post
image for Is Kerberoasting Still a Risk When AES-256 Kerberos Encryption Is Enabled?

Research & Tradecraft

Is Kerberoasting Still a Risk When AES-256 Kerberos Encryption Is Enabled?

TL;DR Kerberoasting is fundamentally a weak password problem. Stronger encryption slows down cracking, but it doesn’t...

By: Elad Shamir
Oct 21, 2025 • 4 min read
Read Post
image for The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

Research & Tradecraft

The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

TL;DR – After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog...

By: Logan Goins
Oct 20, 2025 • 13 min read
Read Post
image for PingOne Attack Paths

Research & Tradecraft

PingOne Attack Paths

TL;DR: You can use PingOneHound in conjunction with BloodHound Community Edition to discover, analyze, execute, and...

By: Andy Robbins
Oct 20, 2025 • 14 min read
Read Post
image for NAA or BroCI…? Let Me Explain

Research & Tradecraft

NAA or BroCI…? Let Me Explain

TL;DR This writeup is a summary of knowledge and resources for nested application authentication (NAA) and...

By: Hope Walker
Oct 15, 2025 • 12 min read
Read Post