Protect mission-critical assets from identity compromise with new Privilege Zones in BloodHound Enterprise. Learn More
Get a Demo
blog category

Research & Tradecraft

image for The Renaissance of NTLM Relay Attacks: Everything You Need to Know

Research & Tradecraft

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it...

By: elad shamir
Apr 8, 2025 • 40 min read
Read Post
image for LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

Research & Tradecraft

LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

While LLMs can expedite parts of the technical writing/editing process, these tools still require human oversight...

By: Sarah Miles
Jun 20, 2025 • 11 min read
Read Post
image for Ghostwriter v6: Introducing Collaborative Editing

Research & Tradecraft

Ghostwriter v6: Introducing Collaborative Editing

TL;DR: Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS...

By: Christopher Maddalena, Alex Parrill
Jun 18, 2025 • 9 min read
Read Post
image for Administrator Protection Review

Research & Tradecraft

Administrator Protection Review

TL;DR Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an...

By: Adam Chester
Jun 18, 2025 • 11 min read
Read Post
image for OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

Research & Tradecraft

OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

TL;DR OneLogin was found to have security vulnerabilities in its AD Connector service that exposed authentication...

By: Julian Catrambone
Jun 10, 2025 • 11 min read
Read Post
image for Update: Dumping Entra Connect Sync Credentials

Research & Tradecraft

Update: Dumping Entra Connect Sync Credentials

TL;DR Microsoft has recently changed how Entra Connect Sync authenticates to Entra ID. This blog post...

By: Daniel Heinsen
Jun 9, 2025 • 10 min read
Read Post
image for Tokenization Confusion

Research & Tradecraft

Tokenization Confusion

TL;DR Tokenization Confusion: We look at the new Prompt Guard 2 model from Meta, how “confusing”...

By: Adam Chester
Jun 3, 2025 • 20 min read
Read Post
image for Revisiting COM Hijacking

Research & Tradecraft

Revisiting COM Hijacking

TL;DR: This post shows how COM hijacking can serve as a reliable persistence method while also...

By: Antero Guy
May 28, 2025 • 7 min read
Read Post
image for Understanding & Mitigating BadSuccessor

Research & Tradecraft

Understanding & Mitigating BadSuccessor

TL;DR: BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can...

By: Jim Sykora
May 27, 2025 • 24 min read
Read Post
image for The SQL Server Crypto Detour

Research & Tradecraft

The SQL Server Crypto Detour

As part of my role as Service Architect here at SpecterOps, one of the things I’m...

By: Adam Chester
Apr 8, 2025 • 12 min read
Read Post