archives

kerberoasting is old news. making it harder to detect isn't. here's what red can do to reduce the noise, and what blue can do beyond basic event ID filtering.

why enterprise proxy enforcement is fundamentally broken when firewalls trust client-side configuration, and how a single powershell line proves it.