Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem 2026-05-21 True True ARP Around and Find Out: Hijacking GPO UNC Paths for… 2026-04-30 True True Benchmarking Self-Hosted LLMs for Offensive Security 2026-04-14 True True IAM the Captain Now – Hijacking Azure Identity Access 2026-04-09 True True Building a Detection Foundation: Part 5 - Correlation in Practice 2026-04-07 True True Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found 2026-03-19 True True LnkMeMaybe - A Review of CVE-2026-25185 2026-03-13 True True Building a Detection Foundation: Part 1 - The Single-Source Problem 2026-03-06 True True Notepad++ Plugins: Plug and Payload 2026-02-19 True True Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive 2026-02-05 True True LDAP Channel Binding and LDAP Signing 2026-01-29 True True Adventures in Primary Group Behavior, Reporting, and Exploitation 2026-01-22 True True Abusing Windows Built-in VPN Providers 2025-12-16 True True CORS Findings: Another Way to Comprehend 2025-12-15 True True Hack-cessibility: When DLL Hijacks Meet Windows Helpers 2025-11-25 True True Detecting Active Directory Password-Spraying with a Honeypot Account 2025-10-17 True True Skimming Credentials with Azure's Front Door WAF 2025-10-14 True True Hiding in the Shadows: Covert Tunnels via QEMU Virtualization 2025-10-02 True True Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs 2025-09-25 True True WSUS Is SUS: NTLM Relay Attacks in Plain Sight 2025-09-19 True True Red Alert: Massive cyber wire fraud attacks on US Companies 2025-08-07 True True The Backup Paradigm Shift: Moving Toward Attack Response Systems 2025-08-06 True True Attacks on the Rise Through Office 365 2025-08-06 True True An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278 2025-08-04 True True Let's Clone a Cloner - Part 3: Putting It All Together 2025-07-31 True True Azure's Front Door WAF WTF: IP Restriction Bypass 2025-07-10 True True CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe 2025-07-08 True True Full Disclosure, GraphGhost: Are You Afraid of Failed Logins? 2025-07-03 True True Abusing Chrome Remote Desktop on Red Team Operations: A… 2025-07-01 True True Achieving Passive User Enumeration with OneDrive 2025-06-30 True True OneDrive to Enum Them All 2025-06-30 True True Bypassing Virtualization and Sandbox Technologies 2025-06-20 True True Attacking JWT using X509 Certificates 2025-06-17 True True Hunting Deserialization Vulnerabilities With Claude 2025-06-12 True True Red Team Gold: Extracting Credentials from MDT Shares 2025-05-20 True True Office 365 - Advanced Threat Protection (ATP): Features and Shortfalls 2025-04-25 True True Discovering the Anti-Virus Signature and Bypassing It 2025-04-25 True True Threat Hunting - Outbound RDP Surprises 2025-04-25 True True Malicious Macros for Script Kiddies 2025-04-25 True True Critical Guidance on the CVE 2022-22965 (Spring4Shell) Vulnerability 2025-04-25 True True CVE-2022-24696 - Glance by Mirametrix Privilege Escalation 2025-04-25 True True WMI Providers for Script Kiddies 2025-04-25 True True Diving into Pre-Created Computer Accounts 2025-04-25 True True Practical OAuth Abuse for Offensive Operations – Part 1 2025-04-25 True True How Far Should You Let Penetration Testers Go? 2025-04-22 True True Kubernetes for Pentesters: Part 1 2025-04-08 True True EKUwu: Not just another AD CS ESC 2025-03-27 True True Offensively Groovy 2025-03-27 True True Spec-tac-ula Deserialization: Deploying Specula with .NET 2025-03-27 True True Malware Series: Process Injection Mapped Sections 2025-03-27 True True 
