Early bird registration for SO-CON 2026 is now open!  Register Now
blog category

Research & Tradecraft

image for The Renaissance of NTLM Relay Attacks: Everything You Need to Know

Research & Tradecraft

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it...

By: Elad Shamir
Apr 8, 2025 • 40 min read
Read Post
image for AdminSDHolder: Misconceptions, Misconfigurations, and Myths

Research & Tradecraft

AdminSDHolder: Misconceptions, Misconfigurations, and Myths

TL;DR: This blog is the brief version. I love delving into ancient history. The Fall of...

By: Jim Sykora
Oct 31, 2025 • 4 min read
Read Post
image for Catching Credential Guard Off Guard

Research & Tradecraft

Catching Credential Guard Off Guard

TL;DR Due to new security features in Windows and the lack of existing research, we set...

By: Valdemar Carøe
Oct 23, 2025 • 36 min read
Read Post
image for Is Kerberoasting Still a Risk When AES-256 Kerberos Encryption Is Enabled?

Research & Tradecraft

Is Kerberoasting Still a Risk When AES-256 Kerberos Encryption Is Enabled?

TL;DR Kerberoasting is fundamentally a weak password problem. Stronger encryption slows down cracking, but it doesn’t...

By: Elad Shamir
Oct 21, 2025 • 4 min read
Read Post
image for The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

Research & Tradecraft

The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

TL;DR – After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog...

By: Logan Goins
Oct 20, 2025 • 13 min read
Read Post
image for PingOne Attack Paths

Research & Tradecraft

PingOne Attack Paths

TL;DR: You can use PingOneHound in conjunction with BloodHound Community Edition to discover, analyze, execute, and...

By: Andy Robbins
Oct 20, 2025 • 14 min read
Read Post
image for NAA or BroCI…? Let Me Explain

Research & Tradecraft

NAA or BroCI…? Let Me Explain

TL;DR This writeup is a summary of knowledge and resources for nested application authentication (NAA) and...

By: Hope Walker
Oct 15, 2025 • 12 min read
Read Post
image for The Clean Source Principle and the Future of Identity Security

Research & Tradecraft

The Clean Source Principle and the Future of Identity Security

TL;DR Modern identity systems are deeply interconnected, and every weak dependency creates an attack path — no...

By: Jared Atkinson
Oct 8, 2025 • 13 min read
Read Post
image for AI Gated Loader: Teaching Code to Decide Before It Acts

Research & Tradecraft

AI Gated Loader: Teaching Code to Decide Before It Acts

TL;DR AI gated loaders collect telemetry, apply a policy with an LLM, and execute only when...

By: John Wotton
Oct 3, 2025 • 12 min read
Read Post
image for WriteAccountRestrictions (WAR) – What is it good for?

Research & Tradecraft

WriteAccountRestrictions (WAR) – What is it good for?

TL;DR A lot of things. The User-Account-Restrictions property grants read/write permissions to the user-account-control LDAP attribute,...

By: Garrett Foster
Oct 1, 2025 • 20 min read
Read Post