If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. – Sun Tzu, “Art of War”
When you’re on the Blue Team, you’re expected to understand the systems you have to secure and the configurations to look out for. New vulnerabilities and attack paths are constantly being discovered, and it seems like there is an ever-growing list of things not to get wrong. Sometimes, though, we need to think beyond lists of vulnerabilities and put ourselves in the shoes of an attacker.
In this series, we will dissect not just what an attacker can do to get access to credentials, but also what they would do after getting that initial access. We will walk through a different threat scenario in each part of the series and tell stories of malicious hackers, each of which is either true, based on a true incident, or reasonably theoretical.