blog category

Research & Tradecraft

image for Managed Identity Attack Paths, Part 3: Function Apps

Research & Tradecraft

Managed Identity Attack Paths, Part 3: Function Apps

Intro and Prior Work In this three part blog series we have explored attack paths that emerge...

By: Andy Robbins
Jun 8, 2022 • 10 min read
Read Post
image for Managed Identity Attack Paths, Part 2: Logic Apps

Research & Tradecraft

Managed Identity Attack Paths, Part 2: Logic Apps

Intro and Prior Work In this three part blog series we are exploring attack paths that emerge...

By: Andy Robbins
Jun 7, 2022 • 9 min read
Read Post
image for Managed Identity Attack Paths, Part 1: Automation Accounts

Research & Tradecraft

Managed Identity Attack Paths, Part 1: Automation Accounts

Intro and Prior Work In this three part blog series we will explore attack paths that emerge...

By: Andy Robbins
Jun 6, 2022 • 12 min read
Read Post
image for DeepPass — Finding Passwords With Deep Learning

Research & Tradecraft

DeepPass — Finding Passwords With Deep Learning

DeepPass — Finding Passwords With Deep Learning One of the routine tasks operators regularly encounter on most engagements is...

By: Will Schroeder
Jun 1, 2022 • 15 min read
Read Post
image for Automating Azure Abuse Research — Part 1

Research & Tradecraft

Automating Azure Abuse Research — Part 1

Automating Azure Abuse Research — Part 1 Intro Back in February of 2020 Karl Fosaaen published a great blog...

By: Andy Robbins
May 25, 2022 • 7 min read
Read Post
image for EntropyCapture: Simple Extraction of DPAPI Optional Entropy

Research & Tradecraft

EntropyCapture: Simple Extraction of DPAPI Optional Entropy

Intro During a short application assessment, enumeration and decryption of a third-party application’s Windows Data Protection...

By: Matt Merrill
May 18, 2022 • 5 min read
Read Post
image for Learning Machine Learning Part 3: Attacking Black Box Models

Research & Tradecraft

Learning Machine Learning Part 3: Attacking Black Box Models

In the first post in this series we covered a brief background on machine learning, the...

By: Will Schroeder
May 4, 2022 • 29 min read
Read Post
image for Learning Machine Learning Part 2: Attacking White Box Models

Research & Tradecraft

Learning Machine Learning Part 2: Attacking White Box Models

In the previous post, I went through a very brief overview of some machine learning concepts,...

By: Will Schroeder
Apr 26, 2022 • 31 min read
Read Post
image for Abusing Azure Container Registry Tasks

Research & Tradecraft

Abusing Azure Container Registry Tasks

Intro and Prior Work More and more organizations are adopting cloud computing, migrating existing business processes and...

By: Andy Robbins
Apr 20, 2022 • 17 min read
Read Post