Writing
Opinions, analysis, and insights from real engagements. No vendor fluff.
All Posts
OAuth Vulnerabilities: When Authentication Goes Wrong
Common OAuth implementation flaws that lead to account takeover.
API Security Testing: A Practical Guide
Essential techniques for finding vulnerabilities in modern APIs.
Your EDR Did Not Stop Me: Why Endpoint Detection Fails Against AD Attacks
EDR products excel at catching malware but consistently fail to detect Active Directory attacks that abuse legitimate protocols and built-in tools.
Why MFA Fails Inside the Network: AD Authentication Gaps Attackers Exploit
Your MFA protects the front door, but inside the network Active Directory authentication has no second factor. Here is how to close the gap.
The Active Directory Kill Chain: How Attackers Move from Foothold to Domain Admin
A step-by-step breakdown of the AD attack kill chain and where defenders should place detection and prevention controls at each stage.
LAPS, gMSAs, and Tiered Administration: The Three Pillars of AD Defense
How to properly implement the three most effective Active Directory hardening controls that block lateral movement and privilege escalation.
Kerberos Abuse: The Attacks Your Kerberos Infrastructure Enables
How attackers exploit Kerberos delegation, ticket forging, and service account weaknesses -- and what defenders must do to harden the protocol.
SMB Signing: The One GPO That Would Have Stopped Me
Why SMB signing is the single most impactful Active Directory hardening control and how to deploy it without breaking your environment.
NTLM Relay Attacks: Why Your Network Is an Open Door
How NTLM relay attacks work in practice and the concrete steps defenders must take to shut them down.
Active Directory Attack Techniques I Use Most Often
A penetration tester's perspective on the most effective AD attacks.