Protect mission-critical assets from identity compromise with new Privilege Zones in BloodHound Enterprise. Learn More
Get a Demo
blog category

Research & Tradecraft

image for The Renaissance of NTLM Relay Attacks: Everything You Need to Know

Research & Tradecraft

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it...

By: Elad Shamir
Apr 8, 2025 • 40 min read
Read Post
image for Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS

Research & Tradecraft

Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS

Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments

By: Logan Goins
Jul 25, 2025 • 17 min read
Read Post
image for I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays

Research & Tradecraft

I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays

TL;DR Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by...

By: Garrett Foster
Jul 15, 2025 • 24 min read
Read Post
image for Machine Learning Series Chapter 1

Research & Tradecraft

Machine Learning Series Chapter 1

MICROGRAD FOR MORTALS TL;DR Let’s use Micrograd to explain core ML concepts like supervised learning, regression,...

By: Diego lomellini
Jul 2, 2025 • 42 min read
Read Post
image for Misconfiguration Manager: Still Overlooked, Still Overprivileged

Research & Tradecraft

Misconfiguration Manager: Still Overlooked, Still Overprivileged

TL;DR It has been one year since Misconfiguration Manager’s release and the security community has been...

By: Duane Michael, Garrett Foster
Jun 26, 2025 • 8 min read
Read Post
image for Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

Research & Tradecraft

Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

TL;DR The Incoming Forest Trust Builders group (not AdminSDHolder protected) can create inbound forest trusts with...

By: Jonas Bülow Knudsen
Jun 25, 2025 • 20 min read
Read Post
image for Lost in Translation: How L33tspeak Might Throw Sentiment Analysis Models for a Loop

Research & Tradecraft

Lost in Translation: How L33tspeak Might Throw Sentiment Analysis Models for a Loop

TL;DR Sentiment analysis models are used to assess conventional use of language, but what happens when...

By: Max Andreacchi
Jun 24, 2025 • 9 min read
Read Post
image for LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

Research & Tradecraft

LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

While LLMs can expedite parts of the technical writing/editing process, these tools still require human oversight...

By: Sarah Miles
Jun 20, 2025 • 11 min read
Read Post
image for Ghostwriter v6: Introducing Collaborative Editing

Research & Tradecraft

Ghostwriter v6: Introducing Collaborative Editing

TL;DR: Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS...

By: Christopher Maddalena, Alex Parrill
Jun 18, 2025 • 9 min read
Read Post
image for Administrator Protection Review

Research & Tradecraft

Administrator Protection Review

TL;DR Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an...

By: Adam Chester
Jun 18, 2025 • 11 min read
Read Post