blog category
Research & Tradecraft
Research & Tradecraft
Prioritization of the Detection Engineering Backlog
Written by Joshua Prager and Emily Leidy Introduction Strategically maturing a detection engineering function requires us to...
Oct 5, 2022 • 17 min read
Read Post
Research & Tradecraft
Encrypting Strings at Compile Time
Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and...
Jul 20, 2022 • 5 min read
Read Post
Research & Tradecraft
Dealing with Failure: Failure Escalation Policy in CLR Hosts
Offensive tooling built upon the .NET framework and its runtime environment, the Common Language Runtime (CLR), is...
Jul 13, 2022 • 12 min read
Read Post
Research & Tradecraft
Years ago I was chatting with a few experienced red teamers and one was lamenting token...
Jul 7, 2022 • 14 min read
Read Post
Research & Tradecraft
Relaying NTLM Authentication from SCCM Clients
tl;dr: Seriously, please disable NTLM I recently learned that you can coerce NTLM authentication from SCCM servers...
Jun 30, 2022 • 16 min read
Read Post
Research & Tradecraft
The Phantom Credentials of SCCM: Why the NAA Won’t Die
TL;DR — Stop Using Network Access Accounts! If a Windows machine has ever been an SCCM client, there...
Jun 28, 2022 • 10 min read
Read Post
Research & Tradecraft
Understanding the Function Call Stack
There’s more than meets the eye under the function call hood This post is based on a...
Jun 27, 2022 • 11 min read
Read Post
Research & Tradecraft
The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and...