blog category
Research & Tradecraft
Research & Tradecraft
Introducing BloodHound 4.3 — Get Global Admin More Often
Introducing BloodHound 4.3 — Get Global Admin More Often Discover new attack paths traversing Microsoft Graph and seven new...
By: Andy Robbins
Apr 18, 2023 • 14 min read
Read Post
Research & Tradecraft
Summary: Given that: Temporary Access Passes (TAP) are enabled in the Azure AD tenant AND You...
By: Daniel Heinsen
Mar 29, 2023 • 22 min read
Read Post
Research & Tradecraft
Abusing Azure App Service Managed Identity Assignments
Intro Azure App Service is a Platform-as-a-Service product that promises to improve web application deployment, hosting,...
By: Andy Robbins
Feb 15, 2023 • 11 min read
Read Post
Research & Tradecraft
SpecterOps has released Ghostwriter v3.2 with some significant enhancements we think you’ll like. We overhauled how...
By: Christopher Maddalena
Feb 8, 2023 • 4 min read
Read Post
Research & Tradecraft
At the Edge of Tier Zero: The Curious Case of the RODC
The read-only Domain Controller (RODC) is a solution that Microsoft introduced for physical locations that don’t...
By: Elad Shamir
Jan 25, 2023 • 19 min read
Read Post
Research & Tradecraft
SCCM Site Takeover via Automatic Client Push Installation
tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation. While reading SCCM Current Branch...
By: Chris Thompson
Jan 12, 2023 • 9 min read
Read Post
Research & Tradecraft
Passwordless Persistence and Privilege Escalation in Azure
Adversaries are always looking for stealthy means of maintaining long-term and stealthy persistence and privilege in...
By: Andy Robbins
Dec 21, 2022 • 16 min read
Read Post
Research & Tradecraft
Stalking inside of your Chromium Browser
Revisiting Remote Debugging Okay, you got your favorite agent running on the target machine. You did...
By: Kai Huang
Dec 1, 2022 • 8 min read
Read Post
Research & Tradecraft
Certificates and Pwnage and Patches, Oh My!
This post was written by Will Schroeder and Lee Christensen. A lot has happened since we...