blog category
Research & Tradecraft
Research & Tradecraft
L;DR Active Directory Certificate Services has a lot of attack potential! Check out our whitepaper “Certified Pre-Owned:...
By: Will Schroeder
Jun 17, 2021 • 28 min read
Read Post
Research & Tradecraft
Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover
By: Elad Shamir
Jun 17, 2021 • 12 min read
Read Post
Research & Tradecraft
Proxy Windows Tooling via SOCKS
By: Nick Powers
Jun 10, 2021 • 14 min read
Read Post
Research & Tradecraft
An Introduction to Manual Active Directory Querying with Dsquery and Ldapsearch
Introduction Let’s be honest, BloodHound and PowerView are objectively better tools for querying, enumerating, and investigating Active Directory (AD). They...
By: Hope Walker
Jun 2, 2021 • 21 min read
Read Post
Research & Tradecraft
Offensive Security Guide to SSH Tunnels and Proxies
By: Russel Van Tuyl
Apr 22, 2021 • 23 min read
Read Post
Research & Tradecraft
Summary By using path hijacking and modification on Unix-like machines, we can achieve pseudo-keylogging functionality by...
By: Dwight Hohnstein
Apr 5, 2021 • 7 min read
Read Post
Research & Tradecraft
Hands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger Port
Introduction EDIT 7/16/23: Chromium added protections against this technique. Additional details can be found here: https://slyd0g.medium.com/debugging-cookie-dumping-failures-with-chromiums-remote-debugger-8a4c4d19429f This...
By: Justin Bui
Dec 17, 2020 • 13 min read
Read Post
Research & Tradecraft
Introducing BloodHound 4.0: The Azure Update