Protect mission-critical assets from identity compromise with new Privilege Zones in BloodHound Enterprise. Learn More
Get a Demo
blog category

Research & Tradecraft

image for The Renaissance of NTLM Relay Attacks: Everything You Need to Know

Research & Tradecraft

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it...

By: Elad Shamir
Apr 8, 2025 • 40 min read
Read Post
image for Machine Learning Series Chapter 1

Research & Tradecraft

Machine Learning Series Chapter 1

MICROGRAD FOR MORTALS TL;DR Let’s use Micrograd to explain core ML concepts like supervised learning, regression,...

By: Diego lomellini
Jul 2, 2025 • 42 min read
Read Post
image for Misconfiguration Manager: Still Overlooked, Still Overprivileged

Research & Tradecraft

Misconfiguration Manager: Still Overlooked, Still Overprivileged

TL;DR It has been one year since Misconfiguration Manager’s release and the security community has been...

By: Duane Michael, Garrett Foster
Jun 26, 2025 • 8 min read
Read Post
image for Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

Research & Tradecraft

Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

TL;DR The Incoming Forest Trust Builders group (not AdminSDHolder protected) can create inbound forest trusts with...

By: Jonas Bülow Knudsen
Jun 25, 2025 • 20 min read
Read Post
image for Lost in Translation: How L33tspeak Might Throw Sentiment Analysis Models for a Loop

Research & Tradecraft

Lost in Translation: How L33tspeak Might Throw Sentiment Analysis Models for a Loop

TL;DR Sentiment analysis models are used to assess conventional use of language, but what happens when...

By: Max Andreacchi
Jun 24, 2025 • 9 min read
Read Post
image for LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

Research & Tradecraft

LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

While LLMs can expedite parts of the technical writing/editing process, these tools still require human oversight...

By: Sarah Miles
Jun 20, 2025 • 11 min read
Read Post
image for Ghostwriter v6: Introducing Collaborative Editing

Research & Tradecraft

Ghostwriter v6: Introducing Collaborative Editing

TL;DR: Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS...

By: Christopher Maddalena, Alex Parrill
Jun 18, 2025 • 9 min read
Read Post
image for Administrator Protection Review

Research & Tradecraft

Administrator Protection Review

TL;DR Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an...

By: Adam Chester
Jun 18, 2025 • 11 min read
Read Post
image for OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

Research & Tradecraft

OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

TL;DR OneLogin was found to have security vulnerabilities in its AD Connector service that exposed authentication...

By: Julian Catrambone
Jun 10, 2025 • 11 min read
Read Post
image for Update: Dumping Entra Connect Sync Credentials

Research & Tradecraft

Update: Dumping Entra Connect Sync Credentials

TL;DR Microsoft has recently changed how Entra Connect Sync authenticates to Entra ID. This blog post...

By: Daniel Heinsen
Jun 9, 2025 • 10 min read
Read Post