2026 Trends in Identity APM Report is now available! Learn More
blog category

Research & Tradecraft

image for SCOMmand And Conquer – Attacking System Center Operations Manager (Part 2)

Research & Tradecraft

SCOMmand And Conquer – Attacking System Center Operations Manager (Part 2)

TL;DR: We found that SCOM RunAs credentials could be obtained on-host and also off-host in certain...

By: Matt Johnson
Dec 10, 2025 • 49 min read
Read Post
image for SCOMmand and Conquer – Attacking System Center Operations Manager (Part 1)

Research & Tradecraft

SCOMmand and Conquer – Attacking System Center Operations Manager (Part 1)

TL:DR SCOM suffers from similar insecure default configurations as its SCCM counterpart, enabling attackers to escalate...

By: Garrett Foster
Dec 10, 2025 • 21 min read
Read Post
image for Git SCOMmit – Putting the Ops in OpsMgr

Research & Tradecraft

Git SCOMmit – Putting the Ops in OpsMgr

TL;DR Yet another System Center Ludus configuration for your collection. https://github.com/Synzack/ludus_scom Intro As you may know,...

By: Zach Stein
Dec 9, 2025 • 14 min read
Read Post
image for Less Praying More Relaying – Enumerating EPA Enforcement for MSSQL and HTTPS

Research & Tradecraft

Less Praying More Relaying – Enumerating EPA Enforcement for MSSQL and HTTPS

TL;DR – It’s important to know if your NTLM relay will be prevented by integrity protections...

By: Nick Powers, Matt Creel
Nov 25, 2025 • 16 min read
Read Post
image for An Evening with Claude (Code)

Research & Tradecraft

An Evening with Claude (Code)

TL;DR – A new vulnerability was found one evening in Claude Code (CVE-2025-64755). I’d love to...

By: Adam Chester
Nov 21, 2025 • 17 min read
Read Post
image for SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

Research & Tradecraft

SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

TL;DR SCCM sites (prior to KB35360093) integrated with Entra ID can be abused to compromise the...

By: Garrett Foster
Nov 19, 2025 • 17 min read
Read Post
image for Unpacking the AAD Broker LocalState Cache

Research & Tradecraft

Unpacking the AAD Broker LocalState Cache

TL;DR: This post documents the AAD Broker’s storage format, how to unpack it, and discusses potential...

By: Jack Ullrich
Nov 3, 2025 • 16 min read
Read Post
image for AdminSDHolder: Misconceptions, Misconfigurations, and Myths

Research & Tradecraft

AdminSDHolder: Misconceptions, Misconfigurations, and Myths

TL;DR: This blog is the brief version. I love delving into ancient history. The Fall of...

By: Jim Sykora
Oct 31, 2025 • 4 min read
Read Post
image for Catching Credential Guard Off Guard

Research & Tradecraft

Catching Credential Guard Off Guard

TL;DR Due to new security features in Windows and the lack of existing research, we set...

By: Valdemar Carøe
Oct 23, 2025 • 36 min read
Read Post