blog category
Research & Tradecraft

On Detection: Tactical to Functional
Part 10: Implicit Process Create Introduction Welcome back to another installment of the On Detection: Tactical to...
Nov 1, 2023 • 22 min read
Lateral Movement: Abuse the Power of DCOM Excel Application
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftApp() method within...
Oct 30, 2023 • 10 min read
CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater
Version: Lenovo Updater Version <= 5.08.01.0009 Operating System Tested On: Windows 10 22H2 (x64) Vulnerability: Lenovo...
Oct 26, 2023 • 5 min read
On Detection: Tactical to Functional
Part 9: Perception vs. Conception The concepts discussed in this post are related to those discussed...
Oct 20, 2023 • 18 min read
Bloodhound Enterprise: securing Active Directory using graph theory
BloodHound Enterprise: securing Active Directory using graphs Prior to my employment at SpecterOps, I hadn’t worked in...
Oct 20, 2023 • 6 min read
Uncovering RPC Servers through Windows API Analysis
Intro Have you ever tried to reverse a simple Win32 API? If not, let’s look at...
Oct 18, 2023 • 18 min read
Perfect Loader Implementations
Thank you to SpecterOps for supporting this research and to Lee and Sarah for proofreading and...
Oct 9, 2023 • 6 min read
One Site to Rule Them All
tl;dr: There is no security boundary between sites in the same...
Sep 25, 2023 • 13 min read
Ghostwriter v4: 2FA, RBAC, and Logging, Oh My!
Ghostwriter v4 is officially here! Technically, it’s been available as a release candidate for a while,...