Practical writing from real IR work โ proactive hardening, reactive response, and everything in between. No vendor angles, no theoretical frameworks.
Three tiers, a Control Plane, and real organizational friction. How to implement EAM in an enterprise that wasn't designed for it โ the Tier 0 assets people miss, the things that break, and why it's worth doing anyway.
Read article โA PowerShell GUI tool for delegating AD helpdesk tasks without granting Domain Admin privileges. Solve password resets and account management securely.
Kerberoasting exploits TGS ticket requests for SPN accounts. Learn how attackers crack service account passwords offline and what you can do to stop it.
How to run BloodHound proactively, write Cypher queries that surface real risk, and turn graph data into a remediation backlog your team can actually work through.
Threat actor eviction from Active Directory is one of the hardest IR problems. The decisions made in the first 48 hours determine whether you succeed โ or give the attacker a way back.
AD Connect sync, Pass-Through Authentication, seamless SSO โ each one is a bridge that can be crossed the wrong way. Most defenders don't know they exist until an incident reveals them.
Built-in AD mechanisms designed to protect privileged accounts โ routinely misconfigured, occasionally abused, and almost always misunderstood.
4624, 4768, 4769, 4771, 4776 โ and about a dozen others. A practical guide to the Windows event logs that reveal Kerberoasting, AS-REP roasting, lateral movement, and DCSync in progress.
A walk-through of a real intrusion pattern โ credential theft, lateral movement, Kerberoasting, and DCSync. Sanitized, but this is what it actually looks like from the IR side.
Privileged access management without the enterprise price tag. What actually works, in plain terms, with implementation notes from real deployments.
Conditional Access is powerful and frequently misconfigured. The policies worth enabling, the gaps that leave accounts exposed, and how to test without locking yourself out.