GUI/Graph Queries Find All edges any owned user has on a computer MATCH p=shortestPath((m:User)-[r]->(b:Computer)) WHERE m.owned RETURN p Find All Users with an SPN/Find all
Offensive Lateral Movement
Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base64 encoded command on the remote host, which would return a beacon. The problem with this is that offensive PowerShell is not a new concept […]
AzureHound cypher cheatsheet
List of Cypher queries to help analyze AzureHound data. Queries under ‘GUI’ are intended for the BloodHound GUI (Settings>Query Debug Mode). Queries under ‘Console’ are
Using a C# shellcode runner and confuserex to Bypass uac while evading av
I was recently on an engagement where we phished in and ran into UAC which gave me more trouble than I expected. When a user
Kerberosity Killed the Domain: An Offensive Kerberos Overview
Kerberos is the preferred way of authentication in a Windows domain, with NTLM being the alternative. Kerberos authentication is a very complex topic that can
Attacking Azure, Azure AD, and Introducing PowerZure
Over the past decade, Azure’s presence in businesses has grown significantly as new features and support were added to Azure. The purpose of this article
