2026 Trends in Identity APM Report is now available! Learn More
blog category

Research & Tradecraft

Search results for: sccm
Found 41 result(s)

image for Site Takeover via SCCM’s AdminService API

Research & Tradecraft

Site Takeover via SCCM’s AdminService API

tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM...

By: Garrett Foster
Aug 10, 2023 • 9 min read
Read Post
image for SCCM Site Takeover via Automatic Client Push Installation

Research & Tradecraft

SCCM Site Takeover via Automatic Client Push Installation

tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation. While reading SCCM Current Branch...

By: Chris Thompson
Jan 12, 2023 • 9 min read
Read Post
image for Relaying NTLM Authentication from SCCM Clients

Research & Tradecraft

Relaying NTLM Authentication from SCCM Clients

tl;dr: Seriously, please disable NTLM I recently learned that you can coerce NTLM authentication from SCCM servers...

By: Chris Thompson
Jun 30, 2022 • 16 min read
Read Post
image for The Phantom Credentials of SCCM: Why the NAA Won’t Die

Research & Tradecraft

The Phantom Credentials of SCCM: Why the NAA Won’t Die

TL;DR — Stop Using Network Access Accounts! If a Windows machine has ever been an SCCM client, there...

By: Duane Michael
Jun 28, 2022 • 10 min read
Read Post
image for Coercing NTLM Authentication from SCCM

Research & Tradecraft

Coercing NTLM Authentication from SCCM

tl;dr: Disable NTLM for Client Push Installation When SCCM automatic site assignment and automatic client push...

By: Chris Thompson
Apr 13, 2022 • 28 min read
Read Post
image for ghostsurf: From NTLM Relay to Browser Session Hijacking

Research & Tradecraft

ghostsurf: From NTLM Relay to Browser Session Hijacking

TL;DR: ntlmrelayx‘s SOCKS proxy works great for SMB and MSSQL but fails when you try to...

By: Allen DeMoura
Apr 2, 2026 • 17 min read
Read Post
image for Mapping Deception Solutions With BloodHound OpenGraph  – Configuration Manager

Research & Tradecraft

Mapping Deception Solutions With BloodHound OpenGraph  – Configuration Manager

TL;DR: At SpecterOps, we look at Attack Path Management from multiple perspectives, including those of identifying...

By: Joshua Prager
Feb 19, 2026 • 20 min read
Read Post
image for Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

Research & Tradecraft

Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

TL;DR – After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than...

By: Garrett Foster
Jan 21, 2026 • 12 min read
Read Post
image for Updates to the MSSQLHound OpenGraph Collector for BloodHound

Research & Tradecraft

Updates to the MSSQLHound OpenGraph Collector for BloodHound

tl;dr: MSSQLHound, a PowerShell script that collects security information from remote MSSQL Server instances, now scans...

By: Chris Thompson
Jan 20, 2026 • 7 min read
Read Post