Introducing BloodHound Scentry: Accelerate your APM practice. Learn More
Tag

lateral movement

SCOMmand and Conquer – Attacking System Center Operations Manager (Part 1)

lateral movement

SCOMmand and Conquer – Attacking System Center Operations Manager (Part 1)

TL:DR SCOM suffers from similar insecure default configurations as its SCCM counterpart, enabling attackers to escalate...

Dec 10, 2025
Read Post
SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

lateral movement

SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

TL;DR SCCM sites (prior to KB35360093) integrated with Entra ID can be abused to compromise the...

Nov 19, 2025
Read Post
WriteAccountRestrictions (WAR) – What is it good for?

lateral movement

WriteAccountRestrictions (WAR) – What is it good for?

TL;DR A lot of things. The User-Account-Restrictions property grants read/write permissions to the user-account-control LDAP attribute,...

Oct 1, 2025
Read Post
DCOM Again: Installing Trouble

lateral movement

DCOM Again: Installing Trouble

TL;DR I am releasing a DCOM lateral movement beacon object file (BOF) that uses the Windows...

Sep 29, 2025
Read Post
Lateral Movement — SCM and DLL Hijacking Primer

lateral movement

Lateral Movement — SCM and DLL Hijacking Primer

Summary As Defenders increase in maturity, the more they are able to leverage built-in utilities against...

Apr 18, 2019
Read Post