3 Foundational Pillars for Attack Path Management: Pillar 2 — Empirical Impact Assessment Attack Paths are the chains of abusable privileges and user behaviors that create direct and indirect connections between Active Directory Users and Computers. The unintended…

Introducing BloodHound 4.1 — The Three Headed Hound Prior Work Analyzing Active Directory attack paths using graph theory is not a new concept. Prior work includes the following: Heat-ray by John Dunagan, Alice Zheng, and Daniel R. Simon (2009) Airbus BTA…

Attack Path Management Pillars: Part 3 —Practical AD Security Remediation Guidance Historically, Identity Attack Paths are a double edge sword; remediation efforts can easily break production applications or create more Attack Paths. Unfortunately, fixing…

Rethinking the way that we approach phishing as a component of red team operations

In July of 2021, we launched BloodHound Enterprise. Since then, our customers have been using BHE to easily identify and eliminate…

SpecterOps statement regarding the War in Ukraine.

Ghostwriter is a part of your team. It helps you manage clients, projects, reports, and infrastructure in one application.

Ghostwriter is changing! We have a new release candidate and a GraphQL API open for feedback.

SCCM crash course on how to prevent attacks, and invoking Automatic Client Push with SharpSCCM. How to build, test, and contribute to SharpSCCM.

Co-founder of SpecterOps. Co-creator of BloodHound.

https://t.co/rub1i3Fs9g

For the past two years I’ve been trying to get a grasp on the field of machine learning with the hopes of applying it to both offense and…

In the previous post, I went through a very brief overview of some machine learning concepts, talked about the Revoke-Obfuscation project…

In the first post in this series we covered a brief background on machine learning, the Revoke-Obfuscation approach for detecting…

Loading malicious dylibs into the Tclsh binary

EntropyCapture extracts the DPAPI optional entropy using API hooking.

One of the routine tasks operators regularly encounter on most engagements is data mining. While exactly what operators are after varies…

Ghostwriter is a part of your team. It helps you manage clients, projects, reports, and infrastructure in one application.

Intro and Prior Work

The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a…

Preventing escalation from initial access in your Active Directory (AD) environment to Domain Admins can feel impossible, especially after…

Explore the risks lurking within SCCM's Network Access Accounts, why transitioning to Enhanced HTTP isn't enough, and why disabling NAAs from AD is crucial.