BloodHound from First Run to Domain Admin: A Practical Red Team Guide
A hands-on red team guide to BloodHound CE — from SharpHound data collection to reading attack paths and finding the fastest route to Domain Admin in Active Directory.
In-depth research on red team techniques, threat analysis, and blue team strategy. No fluff — only what matters.
Shadow Credentials abuse msDS-KeyCredentialLink via DACL misconfiguration to add a rogue certificate, authenticate via PKINIT, and extract NT hashes — no password required.
Adversary-in-the-Middle phishing silently proxies real login pages and steals session tokens — making MFA useless. Here's how it works and how to detect it.
Canary tokens are digital tripwires that alert you the moment an attacker touches something they shouldn't. Free, no-install, and zero false positives.
Service accounts, API keys, OAuth tokens and machine credentials now outnumber human identities 144 to 1. Most organizations have zero visibility into them. Attackers do.
Ivanti, Fortinet, Palo Alto — the names change but the pattern doesn't. Here's the structural reason why enterprise edge devices are permanently on fire and what you can do about it.
Attackers use Telegram's Bot API as command-and-control infrastructure — no Telegram install needed on the victim machine. Here are the mechanics, real-world examples, and blue team detection strategies.