Offsec Ramblings
Subscribe
Sign in
Home
Archive
About
An Operator’s Guide to Device-Joined Hosts and the PRT Cookie
Introduction
Apr 7, 2025
•
Matt Creel
3
Breaching AWS Course Review
CloudBreach's OAWSP Certification
Dec 27, 2024
•
Matt Creel
BOFHound: AD CS Integration
A targeted approach to AD CS enumeration
Oct 30, 2024
•
Matt Creel
Most Popular
View all
RITM In-Depth
Nov 14, 2022
•
Matt Creel
1
1
Breaching AWS Course Review
Dec 27, 2024
•
Matt Creel
Utilizing Mailcow for Phishing
Jan 25, 2022
•
Matt Creel
TAKEOVER-1 with PySQLRecon
Aug 10, 2024
•
Matt Creel
SOCKS Proxy Relaying
Feb 15, 2021
•
Matt Creel
BOFHound: Session Integration
Jan 30, 2024
•
Matt Creel
Latest
Top
TAKEOVER-1 with PySQLRecon
The intersection of SQL and SCCM exploitation
Aug 10, 2024
•
Matt Creel
BOFHound: Session Integration
Background
Jan 30, 2024
•
Matt Creel
Abusing Slack for Offensive Operations: Part 2
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back in 2020…
Nov 10, 2023
•
Matt Creel
1
RITM In-Depth
Taking a closer look at the Roast-in-the-Middle attack
Nov 14, 2022
•
Matt Creel
1
1
Hunting Resource-Based Constrained Delegation in Active Directory
Recently, I have encountered a couple of environments susceptible to lateral movement through resource-based constrained delegation (RBCD) attacks…
Sep 9, 2022
•
Matt Creel
1
Granularize Your Active Directory Reconnaissance Game Part 2
Last month Fortalice open-sourced BOFHound, an offline BloodHound ingestor for raw ldapsearch results.
Jun 15, 2022
•
Matt Creel
1
Reintroducing redlure
A year and a half later - the redlure setup guide
Feb 21, 2022
•
Matt Creel
See all
Offsec Ramblings
My offensive security blog delving into ideas related to Active Directory, penetration testing and red teaming
Subscribe
Offsec Ramblings
Subscribe
About
Archive
Sitemap
This site requires JavaScript to run correctly. Please
turn on JavaScript
or unblock scripts
