blog category
Research & Tradecraft
Research & Tradecraft
I Will Make you Phishers of Men
PHISHING SCHOOL Convincing Targets to Click Your Links When it comes to phishing advice, the number one...
By: Forrest Kasler
Jun 25, 2024 • 21 min read
Read Post
Research & Tradecraft
Deconstructing Logon Session Enumeration
Purple Teaming How we define and create test cases for our purple team runbooks Intro In our...
By: garrett white
Jun 21, 2024 • 11 min read
Read Post
Research & Tradecraft
How Privileged Identity Management Affects Conditional Access Policies
Introduction When administrators use directory roles (aka Entra ID roles) when configuring Conditional Access Policies (CAPs),...
By: Hope Walker
Jun 20, 2024 • 11 min read
Read Post
Research & Tradecraft
PHISHING SCHOOL Bypassing Phishing Link Filters You could have a solid pretext that slips right by your...
By: Forrest Kasler
Jun 18, 2024 • 15 min read
Read Post
Research & Tradecraft
Mapping Snowflake’s Access Landscape
Attack Path Management Because Every Snowflake (Graph) is Unique Introduction On June 2nd, 2024, Snowflake released a...
By: Jared Atkinson
Jun 13, 2024 • 28 min read
Read Post
Research & Tradecraft
PHISHING SCHOOL How to Bypass SPAM Filters If you have ever written the word “click” in a...
By: Forrest Kasler
Jun 12, 2024 • 25 min read
Read Post
Research & Tradecraft
Lateral Movement with the .NET Profiler
Lateral Movement with the .NET Profiler The accompanying code for this blogpost can be found HERE. Intro I spend...
By: Daniel Mayer
Jun 11, 2024 • 8 min read
Read Post
Research & Tradecraft
Ghostwriter v4.2: Project Documents & Reporting Enhancements After April’s massive Ghostwriter v4.1 release, we received some...
By: Christopher Maddalena
Jun 10, 2024 • 7 min read
Read Post
Research & Tradecraft
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs,...