- X @martinsohndk
- Bluesky @martinsohn.dk
- LinkedIn @martinsohn
- GitHub @martinsohn
- BloodHound Query Library - A community-driven repository of BloodHound queries
- ManagerOfHound - OpenGraph extension for BloodHound to discover manager-subordinate privilege escalation paths
- CIS Controls Initial Assessment Tool v8.0b - Enhanced CIS Controls v8 assessment spreadsheet with consolidated safeguards and enriched metadata
- Office phish templates and defense recommendations - Social engineering templates to trick users into enabling macros (featured by Emotet), plus comprehensive defense strategies
- PowerShell TCP reverse shell - Encrypted reverse shell with DNS-over-HTTPS C2 discovery and comprehensive PowerShell defense guidance
- 2026-03-24, RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths
- 2025-06-17, Introducing the BloodHound Query Library
- 2023-03-02, How I killed BT's payphone email service
- 2023-02-13, Basic Microsoft Active Directory Security - Identify and Prioritize Low-hanging Risks
- 2022-09-13, Local privilege escalation vulnerabilities in PeaZip MSI installer - CVE-2022-40779 & CVE-2022-47082
- Series: Email security (collab w/ Jeffrey Bencteux & Sebastian Andersen)
- 2022-06-21, Part 1: All Your SPF Includes Are Belong To Us
- 2022-06-27, Part 2: Phish'n'Chimps: email spoofing via marketing and CRM platforms
- 2022-07-08, Part 3: Email Security Pitfalls
- Series: SID filter as security boundary between domains? (collab w/ Jonas Bülow Knudsen & Tobias Torp)
- 2022-03-28, Part 1: Kerberos authentication explained
- 2022-03-29, Part 2: Known AD attacks - from child to parent
- 2022-04-01, Part 3: SID filtering explained
- 2022-04-04, Part 4: Bypass SID filtering research
- 2022-04-06, Part 5: Golden GMSA trust attack - from child to parent
- 2022-04-07, Part 6: Schema change trust attack - from child to parent
- 2022-04-08, Part 7: Trust account attack - from trusting to trusted
- 2022-03-17, Privilege escalation vulnerability in Anaconda3 and Miniconda3 - CVE-2022-26526
- 2022-03-01, Network share risks - Deploying secure defaults and searching shares for sensitive information (credentials, PII, and more)
- 2021-12-03, The command prompt has been disabled by your administrator. Press any key to continue... or use these weird tricks to bypass – admins will hate you!
- 2021-01-28, Privilege escalation vulnerability in NinjaRMM Agent MSI Installer introduced by EXEMSI MSI Wrapper - CVE-2021-26273 & CVE-2021-26274
- 2020-06-16, Pi-hole CVE-2020-8816 analysis and alternative PoC
- 2026-06-24, TROOPERS26: Tier Breakers: Blind Spots in Cloud-Managed PAWs (collab w/ Thomas Naunheim)
- 2026-06-20, BSides Aarhus 2026: RTFM - Read The Fatal Manual: When Documentation Creates Critical Misconfiguration
- 2026-04-24, BSides Prague 2026: RTFM - Read The Fatal Manual: When Documentation Creates Critical Misconfiguration
- 2022-10-09, BSides Copenhagen 2022: Don't be trusted: Active Directory trust attacks, and the recording (collab w/ Jonas Bülow Knudsen)
- 2022-08-14, Adversary Village DEF CON 30: Don't be trusted: Active Directory trust attacks (collab w/ Jonas Bülow Knudsen)
- 2022-03-26, OWASP Copenhagen: Email spoofing via marketing platforms
- Multiple vendors - RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths
- CyberArk CA25-38: Critical severity issue in the "Manage AD certificates in the devices" section of CyberArk Identity documentation
- ManageEngine security advisory: Corrected AD CS certificate template guidance
- PeaZip - Local privilege escalation vulnerabilities in PeaZip MSI installer
- CVE-2022-40779: Privilege escalation in PeaZip version 8.8.0 MSI installer due to EXEMSI vulnerability
- CVE-2022-47082: Privilege escalation in PeaZip version 8.8.0 MSI Installer due to incorrect access control
- Anaconda3 and Miniconda3 - Privilege escalation vulnerability in Anaconda3 and Miniconda3
- CVE-2022-26526: Privilege escalation in Anaconda3 v2021.11.0.0 and Miniconda3 v11.0.0.0
- NinjaRMM Agent - Privilege escalation vulnerability in NinjaRMM Agent MSI Installer introduced by EXEMSI MSI Wrapper
- CVE-2021-26273: Privilege escalation in NinjaRMM Agent v5.0.909
- CVE-2021-26274: Insecure installation folder permissions in NinjaRMM Agent v5.0.909
- CVE-2021-32415: EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.
- SpecterOps - Adversary Tactics: Identity-Driven Offensive Tradecraft (AT:IDOT)
- SpecterOps - Adversary Tactics: Red Team Operations (AT:RTO) @ SO-CON 2025
- SpecterOps - Adversary Perspectives: Active Directory (AP:AD) [Certified Trainer]
- Outsider Security - Offensive Entra ID (Azure AD) and Hybrid AD Security @ Insomni'hack 2024
- SpecterOps - Adversary Tactics: Vulnerability Research for Operators (AT:VRO) @ Black Hat 2023
- SpecterOps - Adversary Tactics: Tradecraft Analysis (AT:TA) @ Black Hat 2022
- eLearnSecurity - Certified Professional Penetration Tester (eCPPTv2)
- Zero-Point Security - Certified Red Team Operator (CRTO)
- Pentester Academy - Certified Red Team Professional (CRTP)