2026 Trends in Identity APM Report is now available! Learn More
blog category

Research & Tradecraft

image for Leveling Up Secure Code Reviews with Claude Code

Research & Tradecraft

Leveling Up Secure Code Reviews with Claude Code

TL;DR: Claude Code is a force multiplier when performing secure code reviews during an assessment. In...

By: Andrew Luke
Mar 26, 2026 • 18 min read
Read Post
image for Attack Paths Don’t Stop at Identity Providers

Research & Tradecraft

Attack Paths Don’t Stop at Identity Providers

Modeling Okta in BloodHound Enterprise to uncover cross-platform identity risk Introduction Identity is no longer confined...

By: Jared Atkinson
Mar 24, 2026 • 10 min read
Read Post
image for RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths

Research & Tradecraft

RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths

TL;DR: Trusted vendor documentation across 16 major technology companies were actively guiding administrators to deploy critical...

By: Martin Sohn Christensen
Mar 24, 2026 • 55 min read
Read Post
image for Discovering Unexpected Okta Attack Paths with BloodHound

Research & Tradecraft

Discovering Unexpected Okta Attack Paths with BloodHound

TL;DR: OktaHound is a new data collector for the Okta Platform that ingests information about entities...

By: Michael Grafnetter
Mar 23, 2026 • 15 min read
Read Post
image for Leveraging Tailscale Keys

Research & Tradecraft

Leveraging Tailscale Keys

TL;DR: This post introduces red team operators to Tailscale concepts and tradecraft that can be leveraged...

By: Andrew Luke
Mar 12, 2026 • 15 min read
Read Post
image for Emergent Architectural Leakage in Frontier Models: The Dual-Claude Phenomenon

Research & Tradecraft

Emergent Architectural Leakage in Frontier Models: The Dual-Claude Phenomenon

TL;DR: A pleasant evening conversation last summer with Claude resulted in a possible disclosure of its...

By: Max Andreacchi
Mar 11, 2026 • 12 min read
Read Post
image for The Nemesis 2.X Development Guide

Research & Tradecraft

The Nemesis 2.X Development Guide

TL;DR: Nemesis 2.X makes it easy to extend the platform – this guide walks through creating...

By: Will Schroeder, Lee Chagolla-Christensen
Mar 10, 2026 • 16 min read
Read Post
image for Offensive DPAPI With Nemesis

Research & Tradecraft

Offensive DPAPI With Nemesis

TL;DR: Nemesis 2.2 automates the entire DPAPI decryption chain – from SYSTEM/user masterkeys through CNG keys...

By: Will Schroeder, Lee Chagolla-Christensen
Mar 4, 2026 • 16 min read
Read Post
image for Nemesis 2.2

Research & Tradecraft

Nemesis 2.2

TL;DR: Nemesis 2.2 introduces a number of powerful new features focusing on large container processing, data...

By: Will Schroeder, Lee Chagolla-Christensen
Feb 25, 2026 • 22 min read
Read Post