blog category
Research & Tradecraft

Research & Tradecraft
An AWS Administrator Identity Crisis: Part 1
BLUF: Every attack path needs a destination. This is a formalized way of describing destinations in...
Jun 28, 2024 • 11 min read
Research & Tradecraft
I Will Make you Phishers of Men
PHISHING SCHOOL Convincing Targets to Click Your Links When it comes to phishing advice, the number one...
Jun 25, 2024 • 21 min read
Research & Tradecraft
Mapping Snowflake’s Access Landscape
Attack Path Management Because Every Snowflake (Graph) is Unique Introduction On June 2nd, 2024, Snowflake released a...
Jun 13, 2024 • 28 min read
Research & Tradecraft
Lateral Movement with the .NET Profiler
The accompanying code for this blogpost can be found HERE. Intro I spend...
Jun 11, 2024 • 8 min read
Research & Tradecraft
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs,...
Jun 6, 2024 • 13 min read
Research & Tradecraft
On Detection: Tactical to Functional When the Operation is not Enough Introduction A while back, I was...
Jun 5, 2024 • 17 min read
Research & Tradecraft
Behavior vs. Execution Modality
On Detection: Tactical to Functional Part 12 Introduction At Shmoocon 2015, Will Schroeder (Harmj0y) gave a...
May 21, 2024 • 20 min read
Research & Tradecraft
This post is a follow-up to my previous post on manual LDAP querying. I would highly...
May 2, 2024 • 20 min read
Research & Tradecraft
ADCS Attack Paths in BloodHound — Part 2
In Part 1 of this series, we explained how we incorporated...