Scott Sutherland
@_nullbind
Security Researcher @NetSPI | PowerUpSQL Author
I'm doing a talk at BSidesLV on this, but I'm dropping the research early. Discovered this in 2022 and releasing now for awareness: how to decrypt F5 Service Account Passwords. Standalone tool: github.com/evilmog/F5-Dec…
I have just released my first tool : GPOHound 🚀 GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis. 🔗Check it out here: github.com/cogiceo/GPOHou…
Get to know what's new w/ SCCMHunter. Join @unsigned_sh0rt's #BHUSA Arsenal session on the post-exploitation tool & learn about the updates, including site system profiling, extended admin modules, & credential relaying capabilities. ghst.ly/3GkhpBV
NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component. 👉 Read the full technical breakdown: ow.ly/GbT150WmgRg #proactivesecurity #VulnerabilityResearch
Happy Friday! @tifkin_ and I are happy to announce that we have cut the release for Nemesis 2.0.0 - check out the CHANGELOG for a (brief) summary of changes, and dive into our new docs for more detail! We're extremely proud and excited for this release github.com/SpecterOps/Nem…
Including nice tool release 🔥 github.com/temp43487580/E…
Compromising Entra joined devices with P2P certificate authentication by @TEMP43487580 👀👌
Super interesting blog on how to automate some MS-RPC research 🧐 incendium.rocks/posts/Automati…
I published two blog posts today! 📝🐫 The first dives into how we're improving the way BloodHound models attack paths through AD trusts: specterops.io/blog/2025/06/2… The second covers an attack technique I came across while exploring AD trust abuse: specterops.io/blog/2025/06/2…
Tokenizing has dropped in Rigging. Train models in-line with LLM interactions, tool calls, and metrics. 👀 github.com/dreadnode/rigg…
Thank you so much to @x33fcon and its organizers for an awesome experience! @tifkin_ and I had a blast talking about the new Nemesis 2.0 rewrite (code live at github.com/SpecterOps/Nem… !) and hope to be back next year #x33fcon
One Tool To Rule Them All AMSI, CLM and ETW – defeated* with one Microsoft signed tool by someone called Ian shells.systems/one-tool-to-ru…
Deception isn’t fluff… it’s friction. And friction slows attackers down, gives defenders an edge, and buys you time. The whole point is to make them second-guess their actions, make them have to perform more actions and hopefully increase the chances of detection.
Top 7 most important statistical analysis concepts that have helped me as a Data Scientist. This is a complete 7-step beginner ROADMAP for learning stats for data science. Let's go:
HijackLibs.net details hundreds of publicly disclosed DLL Hijacking opportunities. With over 700 stars on GitHub and a growing list, @Wietze does an amazing job maintaining it. Despite this, contributing can be time-consuming. That's why I've created HijackLibs Helper!👇
My talk from #socon2025 is up, get your “urm” counter ready! youtu.be/RiOtfPM7i3U?si…
Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥 r-tec.net/r-tec-blog-win…
And another AMSI bypass with a different DLL/patch 👌 medium.com/@andreabocchet…
New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…
4. Open Source PandasAI is available for everyone, 100% open-source. You can get PandasAI on GitHub here: github.com/sinaptik-ai/pa…
This bit of SQL Server hackery by @_xpn_ is worth the read for pentesters and red teamers: posts.specterops.io/the-sql-server…