blog category

Research & Tradecraft

image for Intune Attack Paths — Part 1

Research & Tradecraft

Intune Attack Paths — Part 1

Intune Attack Paths — Part 1 Prior Work Several people have recently produced high-quality work around Intune tradecraft. I...

By: Andy Robbins
Jan 15, 2025 • 21 min read
Read Post
image for Part 16: Tool Description

Research & Tradecraft

Part 16: Tool Description

On Detection: Tactical to Functional Why it is Difficult to Say What a Tool Does Introduction Over...

By: Jared Atkinson
Jan 13, 2025 • 17 min read
Read Post
image for Part 15: Function Type Categories

Research & Tradecraft

Part 15: Function Type Categories

On Detection: Tactical to Functional Seven Ways to View API Functions Introduction Welcome back to Part...

By: Jared Atkinson
Jan 7, 2025 • 24 min read
Read Post
image for ADFS — Living in the Legacy of DRS

Research & Tradecraft

ADFS — Living in the Legacy of DRS

ADFS — Living in the Legacy of DRS It’s no secret that Microsoft have been trying to move customers...

By: Adam Chester
Jan 7, 2025 • 32 min read
Read Post
image for Misconfiguration Manager: Detection Updates

Research & Tradecraft

Misconfiguration Manager: Detection Updates

TL;DR: The Misconfiguration Manager DETECT section has been updated with relevant guidance to help defensive operators...

By: joshua prager
Dec 16, 2024 • 7 min read
Read Post
image for Attacking Entra Metaverse: Part 1

Research & Tradecraft

Attacking Entra Metaverse: Part 1

This is part one in a two (maybe three…) part series regarding attacker tradecraft around the...

By: Daniel Heinsen
Dec 13, 2024 • 8 min read
Read Post
image for SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

Research & Tradecraft

SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

Author: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies,...

By: lance b. cain
Dec 10, 2024 • 9 min read
Read Post
image for Azure Key Vault Tradecraft with BARK

Research & Tradecraft

Azure Key Vault Tradecraft with BARK

Brief This post details the existing and new functions in BARK that support adversarial tradecraft research...

By: Andy Robbins
Nov 20, 2024 • 8 min read
Read Post
image for Maestro: Abusing Intune for Lateral Movement Over C2

Research & Tradecraft

Maestro: Abusing Intune for Lateral Movement Over C2

If I have a command and control (C2) agent on an Intune admin’s workstation, I should...

By: Chris Thompson
Oct 31, 2024 • 13 min read
Read Post