Know Your Adversary

The SpecterOps Difference

SpecterOps aspires to set the cadence for the rest of the cyber security industry and bring unique insight and training into advanced threat actor tradecraft. Our team has deep experience built through helping hundreds of clients shut down attack paths and evaluate and develop security operations programs, providing premier adversarial training courses to thousands of students in advanced adversary Tactics, Techniques, and Procedures (TTPs), and sponsoring numerous projects to help the security industry as a whole.

Industry Experts

Our security team consists of some of the most sought-after industry experts, bringing deep knowledge of adversary tradecraft and years of experience in attack path management and improving threat detection and response capabilities across both commercial and government sectors.

Community Contributions

You have likely found many of our team members speaking at industry conferences on the latest adversary tools and techniques, providing numerous research papers and posts, and developing some of the most widely used open-source tools in the industry.

Unsurpassed Transparency

Our team members are on the forefront of security research, and we are always willing to share our knowledge of attack path management, tradecraft analysis, and other adversary tactics. The objective of every solution we offer is to provide our customers with capabilities to improve their own security operations, not only while we’re there, but even after we’re gone.

How we can help

We Outfit Your Organization for Defense

Evaluate

Security Assessment Services

Leveraging expertise built through years of cyber security training, experience and assessments across industries and hundreds of environments, our operators use our understanding of advanced adversary Tactics, Techniques, and Procedures (TTPs) to effectively assess and improve your security posture and ability to respond to today’s sophisticated attacks.

Develop

Program Development

Whether you are building new adversary tradecraft detection and simulation teams or looking to mature existing competencies, we provide an effective approach focused on comprehensively integrating technical components into the overall cyber security operations program, ensuring robust prevention, detection, Attack Path Management, and response capabilities.

Equip

Adversary Training Solutions

The human component to any security program is critical. Building fundamental knowledge and perfecting the skills necessary to protect the enterprise through realistic adversary training is essential to robust security programs. Our cyber security training courses and solutions equip participants with the skills to attack, defend, and harden their environments against advanced threat actors.

Secure

BloodHound Enterprise

From the creators of BloodHound, an Attack Path Management solution that continuously maps and quantifies Active Directory Attack Paths. Remove millions of Attack Paths within your existing architecture and eliminate the attacker’s easiest, most reliable, and most attractive target.

Featured Projects

We’re Sharing Our Tools Openly For Our Community

In the spotlight

Security Topics We’re Discussing

Active Directory

Do You Own Your Permissions, or Do Your Permissions Own You?

tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges. Before we get started, if you’d prefer to listen to a 10-minute presentation instead of or to supplement reading this post, please check out the recording of our most recent BloodHound Release Recap webinar. You can also sign up for future webinars here. Back in August, a […]

7 min read | Mar 26
Chris Thompson
Active Directory

Getting the Most Value Out of the OSCP: The PEN-200 Labs

How to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been sponsored or incentivized in any way to recommend or oppose any […]

15 min read | Mar 25
Kieran Croucher
Active Directory

Getting Started with BHE — Part 2

Contextualizing Tier Zero. TL;DR: An accurately defined Tier Zero provides an accurate depiction of Attack Path Findings in your BHE tenant. Different principals (groups, GPOs, OUs, etc.) have different implications when Tier Zero is defined — understanding these will help reduce confusion around why something is showing up as Tier Zero. Welcome to round two of the Getting Started with BloodHound […]

9 min read | Mar 19
Nathan Davis
Active Directory

Getting Started with BHE — Part 1

Understanding Collection, Permissions, and Visibility of Your Environment. TL;DR: Attack Path visibility is dependent upon scope of collection; complete collection is dependent upon appropriate permissions. Your collection strategy benefits from tiering just like your domain(s). Introduction: Welcome to my series on Getting Started with BloodHound Enterprise! This series comes after having had several discussions with […]

5 min read | Mar 12
Nathan Davis
Active Directory

Decrypting the Forest From the Trees

TL;DR: SCCM forest discovery accounts can be decrypted, including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via the Administration Service API. Introduction: While Duane Michael, Chris Thompson, and I were originally working on the Misconfiguration Manager project, one of the tasks I took […]

9 min read | Mar 06
Garrett Foster
Active Directory

Fueling the Fight Against Identity Attacks

When we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We aspired to set the cadence of the cyber security industry through a commitment to benefit our entire security community. Today, I am thrilled to announce that […]

3 min read | Mar 05
David McGuire
Active Directory

Getting the Most Value Out of the OSCP: The PEN-200 Course

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in ethical hacking. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been […]

14 min read | Mar 04
Kieran Croucher
Active Directory

Don’t Touch That Object! Finding SACL Tripwires During Red Team Ops

During red team operations, stealth is a critical component. We spend a great deal of time ensuring our payloads will evade any endpoint detection and response (EDR) solution, our traffic is obfuscated and hard to trace, and our commands will interact with a system in a way that limits the number of possible detection opportunities […]

16 min read | Feb 20
Alexander Demine
Active Directory

Getting the Most Value out of the OSCP: Pre-Course Prep

The first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. […]

18 min read | Feb 12
Kieran Croucher
Active Directory

Enhancements for BloodHound v7.0 Provide Fresh User Experience and Attack Path Risk Optimizations

TL;DR: Refreshed user interface with a new vertical navigation layout for improved user experience. General Availability of “Improved Analysis Algorithm” that provides more accurate risk scoring for findings across your environment. Enhancements to the Posture page, including a new “Attack Paths” metric and increased visibility into your Attack Path security posture. Release highlights focus on […]

5 min read | Feb 11
Dev Bhatt