Early bird registration for SO-CON 2026 is now open!  Register Now
blog category

Research & Tradecraft

image for Drink Like a Phish

Research & Tradecraft

Drink Like a Phish

PHISHING SCHOOL How to Make Your Phishing Sites Blend In As you read this, bots are coming...

By: Forrest Kasler
Jul 9, 2024 • 12 min read
Read Post
image for Like Shooting Phish in a Barrel

Research & Tradecraft

Like Shooting Phish in a Barrel

PHISHING SCHOOL Bypassing Link Crawlers You’ve just convinced a target user to click your link. In doing...

By: Forrest Kasler
Jul 2, 2024 • 14 min read
Read Post
image for An AWS Administrator Identity Crisis: Part 1

Research & Tradecraft

An AWS Administrator Identity Crisis: Part 1

BLUF: Every attack path needs a destination. This is a formalized way of describing destinations in...

By: Daniel Heinsen
Jun 28, 2024 • 11 min read
Read Post
image for I Will Make you Phishers of Men

Research & Tradecraft

I Will Make you Phishers of Men

PHISHING SCHOOL Convincing Targets to Click Your Links When it comes to phishing advice, the number one...

By: Forrest Kasler
Jun 25, 2024 • 21 min read
Read Post
image for Deconstructing Logon Session Enumeration

Research & Tradecraft

Deconstructing Logon Session Enumeration

Purple Teaming How we define and create test cases for our purple team runbooks Intro In our...

By: garrett white
Jun 21, 2024 • 11 min read
Read Post
image for How Privileged Identity Management Affects Conditional Access Policies

Research & Tradecraft

How Privileged Identity Management Affects Conditional Access Policies

Introduction When administrators use directory roles (aka Entra ID roles) when configuring Conditional Access Policies (CAPs),...

By: Hope Walker
Jun 20, 2024 • 11 min read
Read Post
image for Feeding the Phishes

Research & Tradecraft

Feeding the Phishes

PHISHING SCHOOL Bypassing Phishing Link Filters You could have a solid pretext that slips right by your...

By: Forrest Kasler
Jun 18, 2024 • 15 min read
Read Post
image for Mapping Snowflake’s Access Landscape

Research & Tradecraft

Mapping Snowflake’s Access Landscape

Attack Path Management Because Every Snowflake (Graph) is Unique Introduction On June 2nd, 2024, Snowflake released a...

By: Jared Atkinson
Jun 13, 2024 • 28 min read
Read Post
image for Fly Phishing

Research & Tradecraft

Fly Phishing

PHISHING SCHOOL How to Bypass SPAM Filters If you have ever written the word “click” in a...

By: Forrest Kasler
Jun 12, 2024 • 25 min read
Read Post