BloodHound 8.0 update adds BloodHound OpenGraph — expanding attack path visibility beyond AD and Entra ID. Learn More
blog category

Research & Tradecraft

image for Part 6: What is a Procedure?

Research & Tradecraft

Part 6: What is a Procedure?

By: Jared Atkinson
Sep 8, 2022 • 16 min read
Read Post
image for Automating Azure Abuse Research — Part 2

Research & Tradecraft

Automating Azure Abuse Research — Part 2

By: Andy Robbins
Aug 31, 2022 • 8 min read
Read Post
image for Part 5: Expanding the Operation Graph

Research & Tradecraft

Part 5: Expanding the Operation Graph

By: Jared Atkinson
Aug 18, 2022 • 17 min read
Read Post
image for Part 4: Compound Functions

Research & Tradecraft

Part 4: Compound Functions

By: Jared Atkinson
Aug 16, 2022 • 12 min read
Read Post
image for Part 3: Expanding the Function Call Graph

Research & Tradecraft

Part 3: Expanding the Function Call Graph

By: Jared Atkinson
Aug 9, 2022 • 15 min read
Read Post
image for Part 2: Operations

Research & Tradecraft

Part 2: Operations

By: Jared Atkinson
Aug 4, 2022 • 10 min read
Read Post
image for Encrypting Strings at Compile Time

Research & Tradecraft

Encrypting Strings at Compile Time

Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and...

By: Evan McBroom
Jul 20, 2022 • 5 min read
Read Post
image for Part 1: Discovering API Function Usage through Source Code Review

Research & Tradecraft

Part 1: Discovering API Function Usage through Source Code Review

By: Jared Atkinson
Jul 19, 2022 • 24 min read
Read Post
image for Dealing with Failure: Failure Escalation Policy in CLR Hosts

Research & Tradecraft

Dealing with Failure: Failure Escalation Policy in CLR Hosts

Offensive tooling built upon the .NET framework and its runtime environment, the Common Language Runtime (CLR), is...

By: Jack Ullrich
Jul 13, 2022 • 12 min read
Read Post