SpecterOps
@SpecterOps
Know Your Adversary - Adversary Simulation | Detection | Resilience
Introducing Privilege Zones for BloodHound Enterprise! 👏 Now BHE users can define custom security boundaries around business-critical resources & enforce least privilege access across on-prem, cloud & hybrid environments. Learn more: ghst.ly/3FUxGx1
.@_logangoins is dropping knowledge on ADWS exploitation. 🧠 Learn how attackers use the SOAP protocol for LDAP collection on Domain Controllers & dive into maximizing OPSEC-considerate collection workflows while exploring detection methods. ghst.ly/4lPodH4
Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts. So what's a stealthy attacker to do? 🤔 Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0
It's Friday, and you know what that means: #BloodHoundBasics. 🙌 Does a compromise of one AD domain enable compromise of another? BloodHound’s pathfinding can quickly help you answer that question. s/o @Jonas_B_K
Think being compliant = being secure? Think again. 🤔 Hear from @ScoubiMtl at #BSidesLV as he exposes the gap between blindly following rules & security posture. Get the info on password security & what to do when "compliant" passwords fail you. ghst.ly/4o66cWk
Let's talk about compromised Jamf accounts. Join Lance Cain & Daniel Mayer at #BHUSA as they show exactly how red teams are exploiting Jamf APIs to move laterally through mature macOS environments, and how to stop them. Learn more 👉 ghst.ly/3UqcRNv
Real-time collaboration has landed in Ghostwriter v6.0! 👻 Multiple users can now edit observations, findings, & report fields simultaneously w/o the chaos of overwriting each other's work. @cmaddalena dives into the details in his latest blog update. ghst.ly/3TTSrwc
Are you using search in Mythic to its full potential? 🕵 @its_a_feature_ demos how to find exactly what you need across all your operation data - tasks, credentials, files, & more. Watch → ghst.ly/mythic-search
Get to know what's new w/ SCCMHunter. Join @unsigned_sh0rt's #BHUSA Arsenal session on the post-exploitation tool & learn about the updates, including site system profiling, extended admin modules, & credential relaying capabilities. ghst.ly/3GkhpBV
Social engineering has entered the AI era. Join @FKasler, Kieran Croucher, Rebecca Allor & Max Andreacchi at their #BHUSA Arsenal session showing how AI agents can automate OSINT profiling & craft personalized phishing campaigns. Learn more 👉 ghst.ly/3IDNvJj
You don't want to miss Nemesis 2.0 at #BHUSA! Join @harmj0y & @tifkin_'s Arsenal session on the ground-up rewrite of Nemesis focused on manual file triage for offensive operations. Learn more ▶️ ghst.ly/4lowhhC
SCCM’s Management Points can leak more than you’d expect. @unsigned_sh0rt shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU
Big updates are coming to BloodHound! Join our webinar July 31 to hear from @JustinKohler10, @StephenHinck, @_wald0 & @jaredcatkinson on some of the new features the team is rolling out. Register ▶️ ghst.ly/july-web-tw
🔴 Red and blue teams, this one's for you. 🔵 LudusHound bridges BloodHound Attack Paths with lab automation by creating a functional Active Directory replica testing environment. Read @bagelByt3s blog post for more. ghst.ly/40Ippn1
Level up your skills w/ the Specter team at #SpecterBash 2025! 👻 Choose from 4 field-tested adversary tradecraft courses and learn directly from those doing the work. Details 👉 specterops.io/specter-bash
🤔 Curious who made your most beloved open-source tools? From BloodHound and Mythic to Ghostwriter and more, meet our team at Booth 4527 during #BHUSA! Schedule a conversation ➡️ ghst.ly/bhusa-25
