blog category

Research & Tradecraft

OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

TL;DR OneLogin was found to have security vulnerabilities in its AD Connector service that exposed authentication...

By: Julian Catrambone
Jun 10, 2025 • 11 min read

Update: Dumping Entra Connect Sync Credentials

TL;DR Microsoft has recently changed how Entra Connect Sync authenticates to Entra ID. This blog post...

By: Daniel Heinsen
Jun 9, 2025 • 10 min read

Tokenization Confusion

TL;DR Tokenization Confusion: We look at the new Prompt Guard 2 model from Meta, how “confusing”...

By: Adam Chester
Jun 3, 2025 • 20 min read

Revisiting COM Hijacking

TL;DR: This post shows how COM hijacking can serve as a reliable persistence method while also...

By: Antero Guy
May 28, 2025 • 7 min read

Understanding & Mitigating BadSuccessor

TL;DR: BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can...

By: Jim Sykora
May 27, 2025 • 24 min read

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM...

By: Elad Shamir
Apr 8, 2025 • 40 min read

The SQL Server Crypto Detour

As part of my role as Service Architect here at SpecterOps, one of the things I’m...

By: Adam Chester
Apr 8, 2025 • 12 min read

An Operator’s Guide to Device-Joined Hosts and the PRT Cookie

About five years ago, Lee Chagolla-Christensen shared a blog detailing the research and development process behind...

By: Matt Creel
Apr 7, 2025 • 15 min read

Do You Own Your Permissions, or Do Your Permissions Own You?

tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer...

By: Chris Thompson
Mar 26, 2025 • 8 min read