blog category

Research & Tradecraft

The Clean Source Principle and the Future of Identity Security

TL;DR Modern identity systems are deeply interconnected, and every weak dependency creates an attack path — no...

By: Jared Atkinson
Oct 8, 2025 • 13 min read

AI Gated Loader: Teaching Code to Decide Before It Acts

TL;DR AI gated loaders collect telemetry, apply a policy with an LLM, and execute only when...

By: John Wotton
Oct 3, 2025 • 12 min read

WriteAccountRestrictions (WAR) – What is it good for?

TL;DR A lot of things. The User-Account-Restrictions property grants read/write permissions to the user-account-control LDAP attribute,...

By: Garrett Foster
Oct 1, 2025 • 20 min read

DCOM Again: Installing Trouble

TL;DR I am releasing a DCOM lateral movement beacon object file (BOF) that uses the Windows...

By: Craig Wright
Sep 29, 2025 • 12 min read

More Fun With WMI

TL;DR Win32_Process has been the go-to WMI class for remote command execution for years. In...

By: Steven Flores
Sep 18, 2025 • 7 min read

This One Weird Trick: Multi-Prompt LLM Jailbreaks (Safeguards Hate It!)

TL;DR: Using multiple prompts within the context of a conversation with an LLM can lead to...

By: Max Andreacchi
Sep 5, 2025 • 13 min read

Dough No! Revisiting Cookie Theft

TL;DR Chromium-based browsers have shifted from using the user’s Data Protection API (DPAPI) master key...

By: Andrew Gomez
Aug 27, 2025 • 15 min read

Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP

TL;DR When operating out of a ceded access or phishing payload with no credential material, you...

By: Logan Goins
Aug 22, 2025 • 13 min read

Transforming Red Team Ops with Mythic’s Hidden Gems: Browser Scripting

TL;DR Mythic’s browser scripting provides tons of flexibility that operators can tailor to their unique needs...

By: Alexander K. DeMine
Aug 21, 2025 • 30 min read