In case you missed it, check out my Youtube channel with videos mostly related to Windows Internals: youtube.com/@zodiacon.

🔓Unlocked for everyone Deep dive into access tokens in Windows processes, link replies ...

The materials for my workshop: "Practical Malware Development" is finally available on GitHub. github.com/rad9800/PMD If any folk have questions, feel free to ping me in the OnlyMalware discord.

Cool beginner-level introduction to the PE format: youtube.com/watch?v=f1J07O… - featuring #PEbear 🐻: youtube.com/watch?v=f1J07O…

I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :) logan-goins.com/2025-04-25-scc…

A quick update to "The Ultimate WDAC Bypass List" - Added Bobby Cooke's excellent writeup and tradecraft for "Bypassing Windows Defender Application Control with Loki C2" (via Electron Apps) [ibm.com/think/x-force/…] github.com/bohops/Ultimat…

Good read for infosec professionals and enthusiasts goodreads.com/book/show/2703…

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - akamai.com/blog/security-…

Watching people argue about disclosure over the dMSA issue, but all I want to know is why AI didn’t prevent it.

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

I feel like with all the AI stuff, this is especially pertinent. “Use technology like the Amish” (be purposeful and reflective about it) artofmanliness.com/character/beha…

In 2024 I disclosed GraphNinja which allowed for silent password sprays against Azure. Today I am disclosing GraphGhost, where an attacker could generate a 'failed' login event while identifying that a password was valid. Both of these issues were silently fixed by Microsoft.

Windows Logon Types #ThreatHunting #DFIR

In terms of offsec, I have significant respect for technical skill, but a truly great practitioner knows to deliver information tactfully, and can carefully "read the room" (and the customer), tweaking the message on the fly to achieve not only the desired impact for the target

My first SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. specterops.io/blog/2025/07/2…

If you have Active Directory Certificate Services (ADCS) in your environment, run Locksmith now! In Active Directory Security Assessments, we have found critical security issues in *most* ADCS configurations. The great thing about Locksmith is that it doesn't just highlight the

[New Blog 📚] Trust Me, I’m a Legitimate Process: Verisimilitude and the Art of Hiding A short blog about the concept of Verisimilitude and its importance for attackers and defenders. Read More - nasbench.medium.com/trust-me-im-a-…

spencer I think the AD hardening series are a mandatory read for all defenders techcommunity.microsoft.com/tag/adhardening

youtube.com/watch?v=6UbKen…