Research & Tradecraft

Research & Tradecraft

Learning from our Myths

By: Cody Thomas

Jun 22, 2021 • 20 min read

Research & Tradecraft

Certified Pre-Owned

L;DR Active Directory Certificate Services has a lot of attack potential! Check out our whitepaper “Certified Pre-Owned:...

By: Will Schroeder

Jun 17, 2021 • 28 min read

Research & Tradecraft

Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover

By: Elad Shamir

Jun 17, 2021 • 12 min read

Research & Tradecraft

Proxy Windows Tooling via SOCKS

By: Nick Powers

Jun 10, 2021 • 14 min read

Research & Tradecraft

An Introduction to Manual Active Directory Querying with Dsquery and Ldapsearch

Introduction Let’s be honest, BloodHound and PowerView are objectively better tools for querying, enumerating, and investigating Active Directory (AD). They...

By: Hope Walker

Jun 2, 2021 • 21 min read

Research & Tradecraft

Evadere Classifications

Introduction The term evasion is derived from the Latin word “evadere” which means — “To escape,...

By: Jonathan Johnson

Jun 1, 2021 • 11 min read

Research & Tradecraft

Saving Your Access

Screensavers for macOS Persistence Background After revisiting old internal discussions, an area of interest was the...

By: Leo Pitt

May 27, 2021 • 7 min read

Research & Tradecraft

Offensive Security Guide to SSH Tunnels and Proxies

By: Russel Van Tuyl

Apr 22, 2021 • 23 min read

Research & Tradecraft

Man in the Terminal

Summary By using path hijacking and modification on Unix-like machines, we can achieve pseudo-keylogging functionality by...

By: Dwight Hohnstein

Apr 5, 2021 • 7 min read