Written by Joshua Prager and Emily Leidy

Ghostwriter v3.1 is now available! This release introduces several new features along with a host of minor improvements.

It’s dangerous to defend the registry alone! Take this!

Part 1: TelemetrySource

This post was written by Will Schroeder and Lee Christensen.

Stalking inside of your Chromium Browser Revisiting Remote Debugging Okay, you got your favorite agent running on the target machine. You did a process listing, but nothing interesting popped out …

How Certificate Based Authentication works, passwordless persistence with CBA, passwordless privilege escalation, prevention, detection, and more.

Your new best friend: Introducing BloodHound Community Edition!

In this blog post, we’ll answer the question, “If I compromise a Read-Only Domain Controller, can I compromise the domain?” or, “Do RODCs belong in Tier Zero?”

Introduction

Intro

Threat Intelligence ETW

In this post, we examine BOFHound-compatible BOFs and usage examples that allow an operator to take a manual and targeted approach to attack path mapping.

Contextualizing Tier Zero TL;DR An accurately defined Tier Zero provides an accurate depiction of Attack Path Findings in your BHE tenant. Different principals (groups, GPOs, OUs, etc.) have different implications when Tier Zero is defined — understanding…