2023
- 28 Feb Pass The Certificate when PKINIT Padata Type is NOSUPP
- 18 Jan Revisiting a Credential Guard Bypass From Wdigest
2022
- 27 May Privilege Escalation - Exploiting RBCD Using a User Account
- 21 May PetitPotato - How Do I Escalate To SYSTEM Via Named Pipe
- 19 May Domain Escalation - Certifried combined with KrbRelay
- 12 May Certifried - Active Directory 域权限提升漏洞(CVE-2022–26923)
- 02 May Privilege Escalation - NTLM Relay over HTTP (Webdav)
- 28 Apr UAC Bypass - Exploit Leaked Process Handles
- 27 Apr Shadow Credentials
- 26 Apr 使用 MITM6 通过 DNS 中继 Kerberos 身份验证
- 26 Mar 使用 MITM6 中继 WPAD 身份验证
- 15 Mar Attack Surface Mining For AD CS
- 12 Mar Abusing Domain Delegation to Attack Active Directory
- 17 Jan Domain Persistence – Machine Account