Pass-the-Hash vs Pass-the-Ticket: Complete Guide

Active Directory credential attacks come in two flavors that confuse people constantly: Pass-the-Hash (PtH) and Pass-the-Ticket (PtT). Both let you authenticate as another user without knowing their plaintext password. But they work on completely different protocols, hit different defenses, and fail in different ways. This guide covers how each attack actually works under the hood, when to reach for one vs the other, how defenders detect them, and how red teamers stay ahead of detection. ...

July 10, 2026 · 9 min · Red Team Guide

NetExec (CrackMapExec) Complete Guide 2026

CrackMapExec is dead. Long live NetExec. If you’ve been in offensive security for more than a few years, CrackMapExec (CME) was probably one of the first tools you learned. It became the go-to for Active Directory enumeration, credential testing, and lateral movement — packed into a single framework with clean output and a protocol-agnostic design. In 2023, the original author archived the project. The community forked it and kept building under a new name: NetExec (nxc). Same DNA, actively maintained, and compatible with everything CME could do. ...

July 7, 2026 · 11 min · Red Team Guide
Azure Pentesting Guide 2026: Red Teaming Microsoft Cloud

Azure Pentesting Guide 2026: Red Teaming Microsoft Cloud

Azure is the second-largest cloud platform on the planet and the dominant choice in enterprise environments. Microsoft’s deep integration with Active Directory, Office 365, and enterprise tooling means Azure is everywhere corporate red teams operate. If you’re doing internal red team work or enterprise pentesting in 2026, Azure is unavoidable. This guide covers the full attack chain — from initial recon through credential theft, RBAC abuse, lateral movement, and persistence — with real commands and the tools that actually work. ...

May 26, 2026 · 14 min · Red Team Guide