BlackArrow's Blog

Red team & Threat hunting Blog - offensive security

One shell to HANDLE them all
One shell to HANDLE them all
Written by: - Kurosh Dabbagh

Introduction During a Red Team engagement, the exploitation of vulnerabilities in web apps usually offers a good chanc[...]

AD CS: from ManageCA to RCE
AD CS: from ManageCA to RCE
Written by: - Pablo Martínez, Kurosh Dabbagh

Introduction In our previous article, we covered an engagement where it was necessary to execute the ESC7 attack to esca[...]

AD CS: weaponizing the ESC7 attack
AD CS: weaponizing the ESC7 attack
Written by: - Kurosh Dabbagh

Introduction to AD CS ESC7 Last year, SpecterOps published an in-depth research about the security state in Active Dir[...]

1 2 3 4