blog category
Research & Tradecraft
Research & Tradecraft
Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications
By: Michael Barclay
Nov 9, 2021 • 24 min read
Research & Tradecraft
Azure Privilege Escalation via Service Principal Abuse
Intro and Prior Work On-prem Active Directory is here to stay, and so is Azure Active...
By: Andy Robbins
Oct 12, 2021 • 9 min read
Research & Tradecraft
AWS ReadOnlyAccess: Not Even Once
By: Daniel Heinsen
Aug 27, 2021 • 9 min read
Research & Tradecraft
Entity Based Detection Engineering with BloodHound Enterprise
Critical Attack Path with Auditing Table of Contents Introduction Enterprise Access Model BloodHound and Detection BloodHound Enterprise Entity Based...
By: Joshua Prager
Aug 18, 2021 • 13 min read
Research & Tradecraft
1Password Secret Retrieval — Methodology and Implementation
Background and Motivation 1Password is a password manager developed by AgileBits Inc., providing a place for users to store...
By: Dwight Hohnstein
Aug 17, 2021 • 17 min read
Research & Tradecraft
Playing Detection with a Full Deck
By: Jared Atkinson
Aug 16, 2021 • 12 min read
Research & Tradecraft
TL;DR Active Directory Certificate Services has a lot of attack potential! Check out our whitepaper “Certified Pre-Owned:...
By: Will Schroeder
Jun 17, 2021 • 28 min read
Research & Tradecraft
Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover