Azure PIM Default Configuration Creates “Shadow Admin” Risks

Hybrid Identities: The On-Prem to Cloud Connection

Preventing BlackMatter Ransomware from Encryption of Available Remote Share

MailSniper – You Can Teach an Old Dog New Tricks: Pwn O365-based Organizations by Leveraging PRT-based SSO

When Everyone’s Dog Is Named Fluffy

Externalizing deception: The creation and use of deceptive Open Source Intelligence

Deconstructing a Modern Bank Heist: the [not] Carbanak source code leak

Why and How to Extract Network Connection Timestamps for DFIR Investigations

Improving Cyber Investigation Outcomes through Better Visualization of Historic Process Execution Events

Windows Console Command History: Valuable Evidence for Live Response Investigation