Research & Tradecraft

Research & Tradecraft

Covenant v0.6

By: Ryan Cobb

Aug 4, 2020 • 5 min read

Research & Tradecraft

Persistent AWS access with role chain juggling

By: Daniel Heinsen

Jul 16, 2020 • 7 min read

Research & Tradecraft

Requesting Azure AD Request Tokens on Azure-AD-joined Machines for Browser SSO

RequestAADRefreshToken is a tool that returns OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to...

By: BloodHound Team

Jul 14, 2020 • 8 min read

Research & Tradecraft

Automating DLL Hijack Discovery

Introduction This blogpost will describe the concept of dynamic-link library (DLL) search order hijacking and how...

By: Justin Bui

Jun 30, 2020 • 14 min read

Research & Tradecraft

Attacking FreeIPA — Part IV: CVE-2020–10747

I was informed on Wednesday June 17th 2020 that CVE 2020–10747 was revoked after it had...

By: Julian Catrambone

Jun 28, 2020 • 7 min read

Research & Tradecraft

Covenant v0.5

By: Ryan Cobb

Jun 4, 2020 • 6 min read

Research & Tradecraft

Attacking FreeIPA — Part III: Finding A Path

This post is Part III in a series about my experiences attacking FreeIPA. In Part I...

By: Julian Catrambone

Jun 1, 2020 • 6 min read

Research & Tradecraft

Building a FreeIPA Lab

Recently I started a series of blog posts detailing some of the lessons I learned about...

By: Julian Catrambone

May 14, 2020 • 7 min read

Research & Tradecraft

Detection in Depth

By: Joshua Prager

May 8, 2020 • 17 min read