Research & Tradecraft

Part 14: Sub-Operations

On Detection: Tactical to Functional When the Operation is not Enough Introduction A while back, I was...

By: Jared Atkinson
Jun 5, 2024 • 17 min read

Part 13: Why a Single Test Case is Insufficient

By: Jared Atkinson
May 31, 2024 • 24 min read

Behavior vs. Execution Modality

On Detection: Tactical to Functional Part 12 Introduction At Shmoocon 2015, Will Schroeder (Harmj0y) gave a...

By: Jared Atkinson
May 21, 2024 • 20 min read

Part 12: Behavior vs. Execution Modality

By: Jared Atkinson
May 21, 2024 • 20 min read

Manual LDAP Querying: Part 2

This post is a follow-up to my previous post on manual LDAP querying. I would highly...

By: Hope Walker
May 2, 2024 • 20 min read

ADCS Attack Paths in BloodHound — Part 2

ADCS Attack Paths in BloodHound — Part 2 In Part 1 of this series, we explained how we incorporated...

By: Jonas Bülow Knudsen
May 1, 2024 • 13 min read

Nemesis 1.0.0

In August of last year, @tifkin_, @0xdab0, and I released Nemesis, our offensive data enrichment platform....

By: Will Schroeder
Apr 25, 2024 • 10 min read

LSA Whisperer

Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and...

By: Evan McBroom
Apr 17, 2024 • 35 min read

Rooting out Risky SCCM Configs with Misconfiguration Manager

tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager. Ever...

By: Chris Thompson
Apr 11, 2024 • 4 min read