CVE-2026-4387: StrongDM State File Reuse 2026-06-01 True True Don’t Jump the Turnstile: Lessons from the Field 2026-05-28 True True Shift Happens – Uncovering Two Built-in Command Injections in Windows Context Menus 2026-05-07 True True The Accidental C2: Exploring Dev Tunnels for Remote Access 2026-05-06 True True Vercel Breach Analysis: How an OAuth Token Became an Identity Attack Path 2026-04-21 True True Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail 2026-04-16 True True ghostsurf: From NTLM Relay to Browser Session Hijacking 2026-04-02 True True JamfHound v1.1 Update: SSO Attack Paths and Okta Additions 2026-03-31 True True When Vendor Documentation Creates Critical Attack Paths 2026-03-24 True True Discovering Unexpected Okta Attack Paths with BloodHound 2026-03-23 True True Graph the Planet: Shai-Hulud 2.0 2026-03-19 True True Introducing Attack Path Management for GitHub in BloodHound Enterprise 2026-03-18 True True Offensive DPAPI With Nemesis 2026-03-04 True True V8 Heap Archaeology: Finding Exploitation Artifacts in Chrome's Memory 2026-02-11 True Liam D True Microsoft’s “Immediate” Retirement of MDT 2026-01-21 True Garrett Foster True Updates to the MSSQLHound OpenGraph Collector for BloodHound 2026-01-20 True Chris Thompson True MSSQL and SCCM Elevation of Privilege Vulnerabilities 2026-01-15 True Chris Thompson True Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP 2026-01-14 True Logan Goins True Attacking System Center Operations Manager (Part 1) 2025-12-10 True Garrett Foster True An Evening with Claude (Code) 2025-11-21 True Adam Chester True SCCM Hierarchy Takeover via Entra Integration…Because of the Implication 2025-11-19 True Garrett Foster True Catching Credential Guard Off Guard 2025-10-23 True Valdemar Carøe True The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique 2025-10-20 True Logan Goins True NAA or BroCI...? Let Me Explain 2025-10-15 True Hope Walker True WriteAccountRestrictions (WAR) 2025-10-01 True Garrett Foster True The Salesloft–Drift Breach: An Attack Path Case Study 2025-09-24 True Jared Atkinson True The (Static) Keys to Abusing PDQ SmartDeploy 2025-08-12 True Garrett Foster True Certify 2.0 2025-08-11 True Valdemar Carøe True Entra Connect Attacker Tradecraft: Part 3 2025-07-30 True Daniel Heinsen True I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays 2025-07-15 True Garrett Foster True Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA) 2025-06-25 True Jonas Bülow Knudsen True Administrator Protection Review 2025-06-18 True Adam Chester True OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys 2025-06-10 True Julian Catrambone True Understanding & Mitigating BadSuccessor 2025-05-27 True Jim Sykora True Apollo 2.0 — New Year, New Features 2022-02-02 True Dwight Hohnstein True Azure Privilege Escalation via Azure API Permissions Abuse 2021-12-01 True Andy Robbins True 1Password Secret Retrieval — Methodology and Implementation 2021-08-17 True Dwight Hohnstein True Certified Pre-Owned 2021-06-17 True Will Schroeder True Attacking FreeIPA — Part IV: CVE-2020–10747 2020-06-28 True Julian Catrambone True War Never Changes: Attacks Against WPA3’s “Enhanced Open” — Part 3: OWE Nearly Indistinguishable From Open Wireless In Terms of Risk 2020-02-12 True Gabriel Ryan True 
