blog category
Research & Tradecraft
Research & Tradecraft
There’s a new, practical way to escalate from Domain Admin to Enterprise Admin. ESC5 You’ve heard...
By: Andy Robbins
May 16, 2023 • 9 min read
Read Post
Research & Tradecraft
C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves
— Title by ChatGPT for introducing Mythic 3.0 What is Mythic? Mythic is a plug-n-play command and control...
By: Cody Thomas
May 10, 2023 • 13 min read
Read Post
Research & Tradecraft
Exploring Impersonation through the Named Pipe Filesystem Driver
Introduction Impersonation happens often natively in Windows, however, adversaries also use it to run code in...
By: Jonathan Johnson
May 3, 2023 • 10 min read
Read Post
Research & Tradecraft
Introducing BloodHound 4.3 — Get Global Admin More Often
Introducing BloodHound 4.3 — Get Global Admin More Often Discover new attack paths traversing Microsoft Graph and seven new...
By: Andy Robbins
Apr 18, 2023 • 14 min read
Read Post
Research & Tradecraft
Summary: Given that: Temporary Access Passes (TAP) are enabled in the Azure AD tenant AND You...
By: Daniel Heinsen
Mar 29, 2023 • 22 min read
Read Post
Research & Tradecraft
Abusing Azure App Service Managed Identity Assignments
Intro Azure App Service is a Platform-as-a-Service product that promises to improve web application deployment, hosting,...
By: Andy Robbins
Feb 15, 2023 • 11 min read
Read Post
Research & Tradecraft
SpecterOps has released Ghostwriter v3.2 with some significant enhancements we think you’ll like. We overhauled how...
By: Christopher Maddalena
Feb 8, 2023 • 4 min read
Read Post
Research & Tradecraft
At the Edge of Tier Zero: The Curious Case of the RODC
The read-only Domain Controller (RODC) is a solution that Microsoft introduced for physical locations that don’t...
By: Elad Shamir
Jan 25, 2023 • 19 min read
Read Post
Research & Tradecraft
SCCM Site Takeover via Automatic Client Push Installation
tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation. While reading SCCM Current Branch...