ThruntOps
ThruntOps I have started building ThruntOps, a Ludus-based lab for security testing, detection engineering, and attack-path validation. The idea is simple: have a reproducible environment that is...
The Times They Are A-Changin’ When I first started testing AI interfaces, one of the first things I did was audit my old code — Ruby bits and Python 2 utilities I’d built over the years for work. ...
In short Document owner: Security Engineering Audience: Security teams, engineering leads, risk/compliance, external testers (authorized) Purpose: Repeatable methodology and test matrix for assess...
OSINT Tooling Catalog & Investigation Playbooks Executive summary for leadership This document consolidates OSINT tools and repeatable playbooks to accelerate investigations, due diligence...
AD CS: Summary of Attack Paths (ESCs) This post provides an overview of the documented Enterprise Security Configurations (ESCs) that illustrate various attack paths in Active Directory Certificat...
AD CS: Key Concepts This entry outlines the fundamental concepts behind Active Directory Certificate Services (AD CS) and its critical role in Windows security. Understanding these concepts is ess...
Summary of SCCM-Specific Tactics and Techniques Scope This document summarizes tactics and techniques associated with Microsoft Configuration Manager (SCCM / MECM / ConfigMgr), using the Synzack/...
GOAD (Game of Active Directory) GOAD is an automated Active Directory lab developed by Orange Cyberdefense. It allows the deployment of realistic multi-domain AD environments with controllers, wor...
Reference: https://lolbas-project.github.io/lolbas/Binaries/Bitsadmin/#download The tool has been removed in versions older than the ones I have in the lab. These are the commands as shown on the...
Some time ago, I discussed with colleagues the importance of monitoring anything that can execute shellcode. We discussed some high level ideas: What to watch Process creation and parent chain...