Protect mission-critical assets from identity compromise with new Privilege Zones in BloodHound Enterprise. Learn More
Get a Demo
blog category

Research & Tradecraft

image for ADCS ESC13 Abuse Technique

Research & Tradecraft

ADCS ESC13 Abuse Technique

It is possible to configure an Active Directory Certificate Services (ADCS) certificate template with an issuance...

By: Jonas Bülow Knudsen
Feb 14, 2024 • 15 min read
Read Post
image for Directory.ReadWrite.All Is Not As Powerful As You Might Think

Research & Tradecraft

Directory.ReadWrite.All Is Not As Powerful As You Might Think

Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege,...

By: Andy Robbins
Feb 12, 2024 • 11 min read
Read Post
image for Spinning Webs — Unveiling Arachne for Web Shell C2

Research & Tradecraft

Spinning Webs — Unveiling Arachne for Web Shell C2

Spinning Webs — Unveiling Arachne for Web Shell C2 What is a web shell? A web shell is a payload...

By: Cody Thomas
Feb 7, 2024 • 11 min read
Read Post
image for Microsoft Breach — What Happened? What Should Azure Admins Do?

Research & Tradecraft

Microsoft Breach — What Happened? What Should Azure Admins Do?

Microsoft Breach — What Happened? What Should Azure Admins Do? On January 25, 2024, Microsoft published a blog post...

By: Andy Robbins
Feb 2, 2024 • 11 min read
Read Post
image for BOFHound: Session Integration

Research & Tradecraft

BOFHound: Session Integration

Background If you’ve found yourself on a red team assessment without SharpHound (maybe due to OPSEC...

By: Matt Creel
Jan 30, 2024 • 13 min read
Read Post
image for ADCS Attack Paths in BloodHound — Part 1

Research & Tradecraft

ADCS Attack Paths in BloodHound — Part 1

ADCS Attack Paths in BloodHound — Part 1 Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper,...

By: Jonas Bülow Knudsen
Jan 24, 2024 • 16 min read
Read Post
image for Calling Home, Get Your Callbacks Through RBI

Research & Tradecraft

Calling Home, Get Your Callbacks Through RBI

Authored By: Lance B. Cain and Alexander DeMine Overview Remote Browser Isolation (RBI) is a security...

By: Lance B. Cain
Jan 17, 2024 • 22 min read
Read Post
image for Sleepy — Python Tooling for Sleep

Research & Tradecraft

Sleepy — Python Tooling for Sleep

Sleepy — Python Tooling for Sleep Thank you to SpecterOps for supporting this research and to Sarah, Cody, and...

By: Evan McBroom
Dec 14, 2023 • 7 min read
Read Post
image for Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser

Research & Tradecraft

Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser

TL;DR; Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in the...

By: Cody Thomas
Nov 29, 2023 • 10 min read
Read Post