Pwned by the Mail Carrier 2024-3-21 00:28:57 | 阅读: 6 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io

Summoning RAGnarok With Your Nemesis I hope I’m Not Too LateWith the explosion of large language model (LLM) use, everyone is rushing to... 2024-3-14 00:18:29 | 阅读: 26 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io nemesis llm embedding ragnarok reranker

Browserless Entra Device Code Flow 2024-3-6 23:17:26 | 阅读: 3 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io

Misconfiguration Manager: Overlooked and Overprivileged TL;DR: Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Ma... 2024-3-6 02:43:52 | 阅读: 11 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io sccm defensive coercion client

Final Steps to BloodHound Federal — FedRAMP High Compliance Ever since SpecterOps first launched BloodHound Enterprise (BHE) in July 2021, one of our team’s big... 2024-3-5 22:2:21 | 阅读: 11 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io fedramp palantir bhe compliant dod

ADCS ESC14 Abuse Technique The altSecurityIdentities attribute of Active Directory (AD) computers and users allows you to speci... 2024-2-29 04:1:16 | 阅读: 29 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io victim attacker extca01

SCCM Hierarchy Takeover with High Availability TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hie... 2024-2-22 04:12:45 | 阅读: 18 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io sccm 888 chris specter

The Most Dangerous Entra Role You’ve (Probably) Never Heard Of Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin,... 2024-2-17 00:56:48 | 阅读: 9 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io entra tier2 assignments bloodhound assignment

ADCS ESC13 Abuse Technique It is possible to configure an Active Directory Certificate Services (ADCS) certificate template wit... 2024-2-15 01:13:17 | 阅读: 12 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io issuance dumpster esc13user esc13

Directory.ReadWrite.All Is Not As Powerful As You Might Think Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts... 2024-2-13 01:54:32 | 阅读: 10 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io sp6 security sp1 assignable bloodhound

Spinning Webs — Unveiling Arachne for Web Shell C2 A web shell is a payload that allows continued access to a remote system, just like other “shells” w... 2024-2-8 00:48:15 | 阅读: 9 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io mythic arachne tasking c2 taskdata

Microsoft Breach — How Can I See This In BloodHound? On January 25, 2024, Microsoft announced Russia’s foreign intelligence service (i.e., Sluzhba vneshn... 2024-2-3 05:56:8 | 阅读: 9 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io entra microsoft bloodhound tier

Microsoft Breach — What Happened? What Should Azure Admins Do? On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands... 2024-2-3 05:32:0 | 阅读: 9 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io microsoft principals entra

BOFHound: Session Integration If you’ve found yourself on a red team assessment without SharpHound (maybe due to OPSEC or stealth... 2024-1-31 01:2:2 | 阅读: 15 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io sharphound bofhound bofs bloodhound oxenfurt

ADCS Attack Paths in BloodHound — Part 1 Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper, the BloodHoun... 2024-1-25 01:2:29 | 阅读: 22 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io bloodhound adcs traversable ct ekus

Calling Home, Get Your Callbacks Through RBI Authored By: Lance B. Cain and Alexander DeMineRemote Browser Isolation (RBI) is a security technolo... 2024-1-18 06:59:21 | 阅读: 20 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io rbi c2 payload security proxy

Cypher Queries in BloodHound Enterprise BloodHound Enterprise (BHE) recently saw the addition of a new, game-changing feature: open-ended Cy... 2024-1-11 00:51:36 | 阅读: 15 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io cypher tier bhe privileges smith

Sleepy — Python Tooling for Sleep Thank you to SpecterOps for supporting this research and to Sarah, Cody, and Daniel for proofreading... 2023-12-15 00:5:56 | 阅读: 10 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io cobalt bofs sleepy artifact tooling

Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in... 2023-11-29 22:34:57 | 阅读: 13 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io mythic c2 database tasking library

Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic Image Generated by https://hotpot.ai/art-generatorOver the past year, I’ve been working on making si... 2023-11-16 01:12:22 | 阅读: 9 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io merlin agents jwe reverse