blog category
Research & Tradecraft
Research & Tradecraft
TLDR: Operators are telling you what to build. Janus listens. Every failed command, retry, and workaround...
By: Gavin Kramer
Apr 10, 2026 • 11 min read
Read Post
Research & Tradecraft
ghostsurf: From NTLM Relay to Browser Session Hijacking
TL;DR: ntlmrelayx‘s SOCKS proxy works great for SMB and MSSQL but fails when you try to...
By: Allen DeMoura
Apr 2, 2026 • 17 min read
Read Post
Research & Tradecraft
TL;DR : While writing ConfigManBearPig, a PowerShell script that enables collection of SCCM-related attack paths for...
By: Chris Thompson
Apr 1, 2026 • 6 min read
Read Post
Research & Tradecraft
JamfHound v1.1 Update: SSO Attack Paths and Okta Additions
TL;DR : New SSO Attack Paths and Okta Edges in JamfHound: Updates have been added to...
By: Lance B. Cain
Mar 31, 2026 • 10 min read
Read Post
Research & Tradecraft
Leveling Up Secure Code Reviews with Claude Code
TL;DR: Claude Code is a force multiplier when performing secure code reviews during an assessment. In...
By: Andrew Luke
Mar 26, 2026 • 18 min read
Read Post
Research & Tradecraft
Attack Paths Don’t Stop at Identity Providers
Modeling Okta in BloodHound Enterprise to uncover cross-platform identity risk Introduction Identity is no longer confined...
By: Jared Atkinson
Mar 24, 2026 • 10 min read
Read Post
Research & Tradecraft
RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths
TL;DR: Trusted vendor documentation across 16 major technology companies were actively guiding administrators to deploy critical...
By: Martin Sohn Christensen
Mar 24, 2026 • 55 min read
Read Post
Research & Tradecraft
Discovering Unexpected Okta Attack Paths with BloodHound
TL;DR: OktaHound is a new data collector for the Okta Platform that ingests information about entities...
By: Michael Grafnetter
Mar 23, 2026 • 15 min read
Read Post
Research & Tradecraft
TL;DR: This post introduces red team operators to Tailscale concepts and tradecraft that can be leveraged...