Tag

red team

Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile

TL;DR: Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services....

Jan 30, 2026
Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM

tl;dr: Security researchers have discovered 30+ unique attack techniques targeting SCCM in the past several years,...

Jan 13, 2026
Less Praying More Relaying – Enumerating EPA Enforcement for MSSQL and HTTPS

TL;DR – It’s important to know if your NTLM relay will be prevented by integrity protections...

Nov 25, 2025
PingOne Attack Paths

TL;DR: You can use PingOneHound in conjunction with BloodHound Community Edition to discover, analyze, execute, and...

Oct 20, 2025
DCOM Again: Installing Trouble

TL;DR I am releasing a DCOM lateral movement beacon object file (BOF) that uses the Windows...

Sep 29, 2025
Dough No! Revisiting Cookie Theft

TL;DR Chromium based browsers have shifted from using the user’s Data Protection API (DPAPI) master key...

Aug 27, 2025
Entra Connect Attacker Tradecraft: Part 3

TL;DR Attackers can exploit Entra Connect sync accounts to hijack device userCertificate properties, enabling device impersonation...

Jul 30, 2025
1Password Secret Retrieval — Methodology and Implementation

Background and Motivation 1Password is a password manager developed by AgileBits Inc., providing a place for users to store...

Aug 17, 2021
Hands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger Port

Introduction EDIT 7/16/23: Chromium added protections against this technique. Additional details can be found here: https://slyd0g.medium.com/debugging-cookie-dumping-failures-with-chromiums-remote-debugger-8a4c4d19429f This...

Dec 17, 2020