Research & Tradecraft

Research & Tradecraft

Proxy Windows Tooling via SOCKS

By: Nick Powers

Jun 10, 2021 • 14 min read

Research & Tradecraft

An Introduction to Manual Active Directory Querying with Dsquery and Ldapsearch

Introduction Let’s be honest, BloodHound and PowerView are objectively better tools for querying, enumerating, and investigating Active Directory (AD). They...

By: Hope Walker

Jun 2, 2021 • 21 min read

Research & Tradecraft

Evadere Classifications

Introduction The term evasion is derived from the Latin word “evadere” which means — “To escape,...

By: Jonathan Johnson

Jun 1, 2021 • 11 min read

Research & Tradecraft

Saving Your Access

Screensavers for macOS Persistence Background After revisiting old internal discussions, an area of interest was the...

By: Leo Pitt

May 27, 2021 • 7 min read

Research & Tradecraft

Offensive Security Guide to SSH Tunnels and Proxies

By: Russel Van Tuyl

Apr 22, 2021 • 23 min read

Research & Tradecraft

Man in the Terminal

Summary By using path hijacking and modification on Unix-like machines, we can achieve pseudo-keylogging functionality by...

By: Dwight Hohnstein

Apr 5, 2021 • 7 min read

Research & Tradecraft

Hacking with Haskell

By: Max Harley

Jan 5, 2021 • 5 min read

Research & Tradecraft

Hands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger Port

Introduction EDIT 7/16/23: Chromium added protections against this technique. Additional details can be found here: https://slyd0g.medium.com/debugging-cookie-dumping-failures-with-chromiums-remote-debugger-8a4c4d19429f This...

By: Justin Bui

Dec 17, 2020 • 13 min read

Research & Tradecraft

Adventures in Dynamic Evasion

Most teams I have worked with rely heavily on anecdotal evidence when it comes to evasion....

By: Matt Hand

Dec 7, 2020 • 12 min read