Research & Tradecraft
TL;DR Due to modern advances in the AD CS attack landscape, an update to Certify was...
By: Valdemar Carøe
Aug 11, 2025 • 16 min read
TL;DR We took a chainsaw to Nemesis 1.0, kept the parts that operators loved (i.e., automated...
By: Will Schroeder
Aug 5, 2025 • 7 min read
What’s Your Secret?: Secret Scanning by DeepPass2
TL;DR DeepPass2 is a secret scanning tool that combines regex rules, a fine-tuned BERT model, and...
By: Neeraj Gupta
Jul 31, 2025 • 14 min read
Entra Connect Attacker Tradecraft: Part 3
TL;DR Attackers can exploit Entra Connect sync accounts to hijack device userCertificate properties, enabling device impersonation...
By: Daniel Heinsen
Jul 30, 2025 • 16 min read
Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS
Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments
By: Logan Goins
Jul 25, 2025 • 17 min read
TL;DR: Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS...
By: Christopher Maddalena
Jul 23, 2025 • 4 min read
I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays
TL;DR Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by...
By: Garrett Foster
Jul 15, 2025 • 24 min read
Machine Learning Series Chapter 1
MICROGRAD FOR MORTALS TL;DR Let’s use Micrograd to explain core ML concepts like supervised learning, regression,...
By: Diego Lomellini
Jul 2, 2025 • 42 min read
Misconfiguration Manager: Still Overlooked, Still Overprivileged
TL;DR It has been one year since Misconfiguration Manager’s release and the security community has been...