Offsec Ramblings

Offsec Ramblings

Home
Archive
About
An Operator’s Guide to Device-Joined Hosts and the PRT Cookie
Introduction
Apr 7 • 
Matt Creel
3

December 2024

Breaching AWS Course Review
CloudBreach's OAWSP Certification
Dec 27, 2024 • 
Matt Creel

October 2024

BOFHound: AD CS Integration
A targeted approach to AD CS enumeration
Oct 30, 2024 • 
Matt Creel

August 2024

TAKEOVER-1 with PySQLRecon
The intersection of SQL and SCCM exploitation
Aug 10, 2024 • 
Matt Creel

January 2024

BOFHound: Session Integration
Background
Jan 30, 2024 • 
Matt Creel

November 2023

Abusing Slack for Offensive Operations: Part 2
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back in 2020…
Nov 10, 2023 • 
Matt Creel
1

November 2022

RITM In-Depth
Taking a closer look at the Roast-in-the-Middle attack
Nov 14, 2022 • 
Matt Creel

February 2022

Reintroducing redlure
A year and a half later - the redlure setup guide
Feb 21, 2022 • 
Matt Creel

January 2022

Utilizing Mailcow for Phishing
Setting Up a Self-Hosted Mail Server with Mailcow
Jan 25, 2022 • 
Matt Creel

September 2021

Lateral Movement with LiquidSnake
Playing with Cobalt Strike and LiquidSnake
Sep 13, 2021 • 
Matt Creel

February 2021

SOCKS Proxy Relaying
Transitioning to multi-relay attacks with ntlmrelayx
Feb 15, 2021 • 
Matt Creel
SharpInjector
Experimenting with a shellcode runner
Feb 4, 2021 • 
Matt Creel
© 2025 Matthew Creel
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture