Edit 07/13/22: After an awesome back and forth with Clément Notin and @SteveSyfuhs on Twitter on the effects of “TokenLeakDetectDelaySecs”…

Offensive tooling built upon the .NET framework and its runtime environment, the Common Language Runtime (CLR), is an important part of…

Part 1: Discovering API Function Usage through Source Code Review

Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on GitHub.

Welcome back to my On Detection: Tactical to Functional series. In the first post in this series, we explored the source code for Mimikatz’s sekurlsa::logonPasswords command. We discovered that…

The BloodHound Enterprise team is proud to announce the release of BloodHound 4.2 — The Azure Refactor.

Part 5: Expanding the Operation Graph

Part 4: Compound Functions

In the previous post in this series, I introduced the concept of operations and demonstrated how each operation has a function call graph that undergirds it. In that post, I purposely presented…

Welcome back to my On Detection: Tactical to Functional series. In the first post in this series, we explored the source code for Mimikatz’s sekurlsa::logonPasswords command. We discovered that…

Beyond COM

Written by Joshua Prager and Emily Leidy

Ghostwriter v3.1 is now available! This release introduces several new features along with a host of minor improvements.

This is a series of blog posts designed to give you a ground-up start to defending a specific technology from potential attackers.

Part 1: TelemetrySource

This post was written by Will Schroeder and Lee Christensen.

Stalking inside of your Chromium Browser Revisiting Remote Debugging Okay, you got your favorite agent running on the target machine. You did a process listing, but nothing interesting popped out …