blog category

Research & Tradecraft

image for Mapping Snowflake’s Access Landscape

Research & Tradecraft

Mapping Snowflake’s Access Landscape

Attack Path Management Because Every Snowflake (Graph) is Unique Introduction On June 2nd, 2024, Snowflake released a...

Jun 13, 2024 • 28 min read
Read Post
image for Lateral Movement with the .NET Profiler

Research & Tradecraft

Lateral Movement with the .NET Profiler

Lateral Movement with the .NET Profiler The accompanying code for this blogpost can be found HERE. Intro I spend...

Jun 11, 2024 • 8 min read
Read Post
image for Ghostwriter v4.2

Research & Tradecraft

Ghostwriter v4.2

Ghostwriter v4.2: Project Documents & Reporting Enhancements After April’s massive Ghostwriter v4.1 release, we received some...

Jun 10, 2024 • 7 min read
Read Post
image for Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager

Research & Tradecraft

Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager

TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs,...

Jun 6, 2024 • 13 min read
Read Post
image for Part 14: Sub-Operations

Research & Tradecraft

Part 14: Sub-Operations

On Detection: Tactical to Functional When the Operation is not Enough Introduction A while back, I was...

Jun 5, 2024 • 17 min read
Read Post
image for Part 13: Why a Single Test Case is Insufficient

Research & Tradecraft

Part 13: Why a Single Test Case is Insufficient

May 31, 2024 • 24 min read
Read Post
image for Behavior vs. Execution Modality

Research & Tradecraft

Behavior vs. Execution Modality

On Detection: Tactical to Functional Part 12 Introduction At Shmoocon 2015, Will Schroeder (Harmj0y) gave a...

May 21, 2024 • 20 min read
Read Post
image for Part 12: Behavior vs. Execution Modality

Research & Tradecraft

Part 12: Behavior vs. Execution Modality

May 21, 2024 • 20 min read
Read Post
image for Manual LDAP Querying: Part 2

Research & Tradecraft

Manual LDAP Querying: Part 2

This post is a follow-up to my previous post on manual LDAP querying. I would highly...

May 2, 2024 • 20 min read
Read Post