Martin Sohn Christensen

Profiles

Tools

ManagerOfHound - OpenGraph extension for BloodHound to discover manager-subordinate privilege escalation paths
CIS Controls Initial Assessment Tool v8.0b - Enhanced CIS Controls v8 assessment spreadsheet with consolidated safeguards and enriched metadata
Office phish templates and defense recommendations - Social engineering templates to trick users into enabling macros, plus comprehensive defense strategies
PowerShell TCP reverse shell - Encrypted reverse shell with DNS-over-HTTPS C2 discovery and comprehensive PowerShell defense guidance
CVE-2020-8816 analysis and PoC - Alternative Pi-hole RCE exploit using $PWD and globbing instead of $PATH manipulation

Posts

2025-06-17, Introducing the BloodHound Query Library
2023-03-02, How I killed BT's payphone email service
2023-02-13, Basic Microsoft Active Directory Security - Identify and Prioritize Low-hanging Risks
2022-09-13, Local privilege escalation vulnerabilities in PeaZip MSI installer - CVE-2022-40779 & CVE-2022-47082
Series: Email security (collab)
- 2022-06-21, Part 1: All Your SPF Includes Are Belong To Us
- 2022-06-27, Part 2: Phish'n'Chimps: email spoofing via marketing and CRM platforms
- 2022-07-08, Part 3: Email Security Pitfalls
Series: SID filter as security boundary between domains? (collab)
- 2022-03-28, Part 1: Kerberos authentication explained
- 2022-03-29, Part 2: Known AD attacks - from child to parent
- 2022-04-01, Part 3: SID filtering explained
- 2022-04-04, Part 4: Bypass SID filtering research
- 2022-04-06, Part 5: Golden GMSA trust attack - from child to parent
- 2022-04-07, Part 6: Schema change trust attack - from child to parent
- 2022-04-08, Part 7: Trust account attack - from trusting to trusted
2022-03-17, Privilege escalation vulnerability in Anaconda3 and Miniconda3 - CVE-2022-26526
2022-03-01, Network share risks - Deploying secure defaults and searching shares for sensitive information (credentials, PII, and more)
2021-12-03, The command prompt has been disabled by your administrator. Press any key to continue... or use these weird tricks to bypass – admins will hate you!
2021-01-28, Privilege escalation vulnerability in NinjaRMM Agent MSI Installer introduced by EXEMSI MSI Wrapper - CVE-2021-26273 & CVE-2021-26274

Talks

2022-10-09, BSides Copenhagen 2022: Don't be trusted: Active Directory trust attacks, and the recording
2022-08-14, Adversary Village DEF CON 30: Don't be trusted: Active Directory trust attacks
2022-03-26, OWASP Copenhagen: Email spoofing via marketing platforms

CVEs

PeaZip - Local privilege escalation vulnerabilities in PeaZip MSI installer
- CVE-2022-40779: Privilege escalation in PeaZip version 8.8.0 MSI installer due to EXEMSI vulnerability
- CVE-2022-47082: Privilege escalation in PeaZip version 8.8.0 MSI Installer due to incorrect access control
Anaconda3 and Miniconda3 - Privilege escalation vulnerability in Anaconda3 and Miniconda3
- CVE-2022-26526: Privilege escalation in Anaconda3 v2021.11.0.0 and Miniconda3 v11.0.0.0
NinjaRMM Agent - Privilege escalation vulnerability in NinjaRMM Agent MSI Installer introduced by EXEMSI MSI Wrapper
- CVE-2021-26273: Privilege escalation in NinjaRMM Agent v5.0.909
- CVE-2021-26274: Insecure installation folder permissions in NinjaRMM Agent v5.0.909
- CVE-2021-32415: EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.

Certifications/trainings

SpecterOps - Adversary Tactics: Identity-Driven Offensive Tradecraft
SpecterOps - Adversary Tactics: Red Team Operations
Outsider Security - Offensive Entra ID (Azure AD) and Hybrid AD Security @ Insomni'hack 2024
SpecterOps - Adversary Tactics: Vulnerability Research for Operators @ Black Hat 2023
SpecterOps - Adversary Tactics: Tradecraft Analysis @ Black Hat 2022
eLearnSecurity - Certified Professional Penetration Tester (eCPPTv2)
Zero-Point Security - Certified Red Team Operator (CRTO)
Pentester Academy - Certified Red Team Professional (CRTP)