blog category
Research & Tradecraft

Research & Tradecraft
Mythic 3.3 Beta: Rise of the Events
A brief overview of Mythic 3.3’s new features Eventing Flows Mythic 3.3 Updates Mythic 3.3 has too many...
By: Cody Thomas
Jul 15, 2024 • 8 min read
Read Post
Research & Tradecraft
PHISHING SCHOOL How to Make Your Phishing Sites Blend In As you read this, bots are coming...
By: forrest kasler
Jul 9, 2024 • 12 min read
Read Post
Research & Tradecraft
An AWS Administrator Identity Crisis: Part 1
BLUF: Every attack path needs a destination. This is a formalized way of describing destinations in...
By: Daniel Heinsen
Jun 28, 2024 • 11 min read
Read Post
Research & Tradecraft
I Will Make you Phishers of Men
PHISHING SCHOOL Convincing Targets to Click Your Links When it comes to phishing advice, the number one...
By: forrest kasler
Jun 25, 2024 • 21 min read
Read Post
Research & Tradecraft
How Privileged Identity Management Affects Conditional Access Policies
Introduction When administrators use directory roles (aka Entra ID roles) when configuring Conditional Access Policies (CAPs),...
By: Hope Walker
Jun 20, 2024 • 11 min read
Read Post
Research & Tradecraft
Mapping Snowflake’s Access Landscape
Attack Path Management Because Every Snowflake (Graph) is Unique Introduction On June 2nd, 2024, Snowflake released a...
By: Jared Atkinson
Jun 13, 2024 • 28 min read
Read Post
Research & Tradecraft
Lateral Movement with the .NET Profiler
Lateral Movement with the .NET Profiler The accompanying code for this blogpost can be found HERE. Intro I spend...
By: daniel mayer
Jun 11, 2024 • 8 min read
Read Post
Research & Tradecraft
Ghostwriter v4.2: Project Documents & Reporting Enhancements After April’s massive Ghostwriter v4.1 release, we received some...
By: Christopher Maddalena
Jun 10, 2024 • 7 min read
Read Post
Research & Tradecraft
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs,...