blog category
Research & Tradecraft
Research & Tradecraft
Crypto Census: Automating Cryptomining Domain Indicator Detections
By: Alexander Sou
Aug 29, 2023 • 14 min read
Read Post
Research & Tradecraft
Site Takeover via SCCM’s AdminService API
tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM...
By: Garrett Foster
Aug 10, 2023 • 9 min read
Read Post
Research & Tradecraft
In the first post in this series, On (Structured) Data, we talked about the gap area...
By: Will Schroeder
Aug 9, 2023 • 22 min read
Read Post
Research & Tradecraft
Challenges In Post-Exploitation Workflows
In our previous post, we talked about the problem of structured data in the post-exploitation community....
By: Will Schroeder
Aug 2, 2023 • 16 min read
Read Post
Research & Tradecraft
Introduction The offensive security industry is a curious one. On the one hand, we are ahead...
By: Will Schroeder
Jul 26, 2023 • 10 min read
Read Post
Research & Tradecraft
Performance, Diagnostics, and WMI
Windows offers tons of useful tools that administrators can leverage to perform their daily jobs. A...
By: Steven Flores
Jul 11, 2023 • 10 min read
Read Post
Research & Tradecraft
Sowing Chaos and Reaping Rewards in Confluence and Jira
Introduction Let me paint a picture for you. You’re on a red team operation, operating from...
By: Craig Wright
Jun 28, 2023 • 11 min read
Read Post
Research & Tradecraft
Understanding Telemetry: Kernel Callbacks
Introduction I’ve published blogs around telemetry mechanisms like Event Tracing for Windows (ETW) in the Uncovering...
By: Jonathan Johnson
Jun 12, 2023 • 12 min read
Read Post
Research & Tradecraft
Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution
The contents of this blogpost was written by Nick Powers (@zyn3rgy) and Steven Flores (@0xthirteen), and...