blog category
Research & Tradecraft
Research & Tradecraft
Calling Home, Get Your Callbacks Through RBI
Authored By: Lance B. Cain and Alexander DeMine Overview Remote Browser Isolation (RBI) is a security...
Jan 17, 2024 • 22 min read
Read Post
Research & Tradecraft
Sleepy — Python Tooling for Sleep
Sleepy — Python Tooling for Sleep Thank you to SpecterOps for supporting this research and to Sarah, Cody, and...
Dec 14, 2023 • 7 min read
Read Post
Research & Tradecraft
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
TL;DR; Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in the...
Nov 29, 2023 • 10 min read
Read Post
Research & Tradecraft
Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic
Image Generated by https://hotpot.ai/art-generator Over the past year, I’ve been working on making significant updates to...
Nov 15, 2023 • 9 min read
Read Post
Research & Tradecraft
On Detection: Tactical to Functional
Part 11: Functional Composition Introduction Welcome back to part 11 of the On Detection blog series....
Nov 14, 2023 • 20 min read
Read Post
Research & Tradecraft
Abusing Slack for Offensive Operations: Part 2
When I first started diving into offensive Slack access, one of the best public resources I...
Nov 9, 2023 • 6 min read
Read Post
Research & Tradecraft
Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)
Introduction Earlier this year, I submitted a pull request to SharpSCCM’s repository. SharpSCCM is a tool...
Nov 7, 2023 • 10 min read
Read Post
Research & Tradecraft
Token stealing is getting harder. Instead, stealing whole logged-in browser instances may be an easier and...
Nov 7, 2023 • 9 min read
Read Post
Research & Tradecraft
Written by Nico Shyne & Josh Prager Introduction Part II In the first installment of “Domain of Thrones,”...