blog category

Research & Tradecraft

image for SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

Research & Tradecraft

SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure

Author: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies,...

Dec 10, 2024 • 9 min read
Read Post
image for Azure Key Vault Tradecraft with BARK

Research & Tradecraft

Azure Key Vault Tradecraft with BARK

Brief This post details the existing and new functions in BARK that support adversarial tradecraft research...

Nov 20, 2024 • 8 min read
Read Post
image for Maestro: Abusing Intune for Lateral Movement Over C2

Research & Tradecraft

Maestro: Abusing Intune for Lateral Movement Over C2

If I have a command and control (C2) agent on an Intune admin’s workstation, I should...

Oct 31, 2024 • 13 min read
Read Post
image for Maestro: Abusing Intune for Lateral Movement Over C2

Research & Tradecraft

Maestro: Abusing Intune for Lateral Movement Over C2

Oct 31, 2024 • 13 min read
Read Post
image for BOFHound: AD CS Integration

Research & Tradecraft

BOFHound: AD CS Integration

TL;DR: BOFHound can now parse Active Directory Certificate Services (AD CS) objects, manually queried from LDAP,...

Oct 30, 2024 • 14 min read
Read Post
image for Dotnet Source Generators in 2024 Part 1: Getting Started

Research & Tradecraft

Dotnet Source Generators in 2024 Part 1: Getting Started

Introduction In this blog post, we will cover the basics of a source generator, the major...

Oct 1, 2024 • 35 min read
Read Post
image for Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound

Research & Tradecraft

Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound

Ghostwriter v4.3 is available now, and it enhances features introduced in previous versions of v4 in...

Sep 23, 2024 • 7 min read
Read Post
image for ADCS Attack Paths in BloodHound — Part 3

Research & Tradecraft

ADCS Attack Paths in BloodHound — Part 3

ADCS Attack Paths in BloodHound — Part 3 In Part 1 of this series, we explained how we incorporated...

Sep 11, 2024 • 22 min read
Read Post
image for ADCS Attack Paths in BloodHound — Part 3

Research & Tradecraft

ADCS Attack Paths in BloodHound — Part 3

Sep 11, 2024 • 22 min read
Read Post