cat /var/log/study-notes.md
A research notebook for offensive security in progress.
Notes from daily study, written up and published every few days — Active Directory attack paths, cloud and Kubernetes security, and red team tradecraft, documented as I learn it.
Recently published
Latest articles
Article Title
One or two sentences describing what the article covers.
Active Directory ACL Abuse: From WriteOwner to Domain Admin
How misconfigured Access Control Lists on AD objects turn into full domain escalation paths, and how BloodHound maps the graph.
Kerberoasting: Why Service Accounts Are Still the Easiest Way In
The Kerberos TGS-REQ mechanics that make service account password cracking possible, and why it remains effective years after being publicized.
ADCS Misconfigurations: Understanding ESC1 and ESC3
Two of the most common Active Directory Certificate Services escalation paths, why they exist, and how they map onto certificate template permissions.
NTLM Relay: Why Authentication Coercion Still Works
The mechanics behind NTLM relay attacks, common coercion primitives like PetitPotam, and the signing and channel-binding controls that actually stop them.
Worth a deeper look
Featured
Article Title
One or two sentences describing what the article covers.
Active Directory ACL Abuse: From WriteOwner to Domain Admin
How misconfigured Access Control Lists on AD objects turn into full domain escalation paths, and how BloodHound maps the graph.
ADCS Misconfigurations: Understanding ESC1 and ESC3
Two of the most common Active Directory Certificate Services escalation paths, why they exist, and how they map onto certificate template permissions.
Browse by topic
Categories
Active Directory
4ACLs, Kerberos abuse, ADCS, lateral movement, and domain escalation paths.
Cloud Security
0AWS, GCP, Azure, and Alibaba Cloud misconfigurations and attack paths.
Kubernetes & AKS
0Cluster architecture, RBAC, network policy, and container breakout mechanics.
Network Security
1Protocol internals, relay attacks, segmentation, and firewall review notes.
Web & API Security
0Authentication logic, session handling, and API abuse patterns.
Red Team Tradecraft
0Tooling, evasion concepts, and operational notes from CRTO study.