Garrett
@unsigned_sh0rt
Research at @SpecterOps
Non-infosec post this time. I try to stray away from talking about my personal life here as much as I can, especially when it comes to my family. In November 2023 my son Oliver was diagnosed with level 3 Autism Spectrum Disorder.
My first @SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. specterops.io/blog/2025/07/2…
anyone else put on headphones and forget to turn on music for a few hours? just been sitting here listening to the soothing tones of tinnitus
#x33fcon 2025 talks: @tifkin_ & @harmj0y - Nemesis 2.0: Building an Offensive VirusTotal > youtu.be/RjLqfhQGUnE
Made some changes to SoaPy to allow ADWS recon to be ingested into @Tw1sm's BOFHound offline for upload to BloodHound. A blog detailing an operational perspective of ADWS collection from Linux with BloodHound is coming soon. For now, the changes are here: github.com/logangoins/Soa…
Excited! Come grab some stickers...the update includes a new "relay" module to support TAKEOVER-5. No more using a 2 year old pull-request that hasn't been merged yet.
Get to know what's new w/ SCCMHunter. Join @unsigned_sh0rt's #BHUSA Arsenal session on the post-exploitation tool & learn about the updates, including site system profiling, extended admin modules, & credential relaying capabilities. ghst.ly/3GkhpBV
This is awesome work @TEMP43487580! SCCM recon from the MP
Uploaded mprecon, a tiny script I made while learning SCCM. It pulls info from MP server like DP locations, site version, build number, SMSID, and device's primary user etc. No special privileges are required. Sometimes works without authentication🤯 github.com/temp43487580/m…
SCCM’s Management Points can leak more than you’d expect. @unsigned_sh0rt shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU
What can you expect next from BloodHound? 👀 Join @JustinKohler10 & @StephenHinck as they chat with @_wald0 & @jaredcatkinson about some of the exciting new features coming to the platform. Register today! ▶️ ghst.ly/july-web-tw
Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence. ibm.com/think/x-force/…
Happy Friday! @tifkin_ and I are happy to announce that we have cut the release for Nemesis 2.0.0 - check out the CHANGELOG for a (brief) summary of changes, and dive into our new docs for more detail! We're extremely proud and excited for this release github.com/SpecterOps/Nem…
In the year since Misconfiguration Manager's release, the security community has been actively researching new tradecraft & identifying new attack paths. @subat0mik & @unsigned_sh0rt dive into the research & its impact on the state of SCCM security. ⬇️ ghst.ly/460vI9d
Thanks to everyone who attended our (@unsigned_sh0rt) talk at @WEareTROOPERS! Here is the companion blog post: specterops.io/blog/2025/06/2…