Further Adventures With CMPivot — Client Coercion
TL;DR CMPivot queries can be used to coerce SMB authentication from SCCM client hosts Introduction CMPivot is a component part of the Configuration Manager framework. With the rise in popularity for ConfigMgr as a target in red team operations, this post looks to cover a way […]
Insurance companies can reduce risk with Attack Path Management
TL;DR Insurance companies host large amounts of sensitive data (PII, PHI, etc.) and often have complex environments due to M&A and divestitures Most breaches start with human error Fortune 500 companies rely on Microsoft Active Directory as a backbone for Identity and Access Management Attackers target Active Directory to move laterally and escalate privilege An Attack […]
Introducing BloodHound CLI
We created a new tool to help you install and manage BloodHound instances, BloodHound CLI! GitHub – SpecterOps/bloodhound-cli Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for BloodHound. You only need to have Docker […]
Part 16: Tool Description
On Detection: Tactical to Functional Why it is Difficult to Say What a Tool Does Introduction Over the years, I’ve noticed that we have a difficult time describing a specific tool’s functionality. I participated in conversations or listened to lectures where someone inevitably attempts to describe the techniques or behavior that they associate with a given […]
Part 15: Function Type Categories
On Detection: Tactical to Functional Seven Ways to View API Functions Introduction Welcome back to Part 15 of the On Detection: Tactical to Functional blog series. I wrote this article to serve as a resource for those attempting to create tool graphs to describe the capabilities of the attacker tools or malware samples they encounter. […]
ADFS — Living in the Legacy of DRS
It’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it, every bit of documentation I come across eventually explains why Entra ID should now be used in place of ADFS. And yet… we still encounter it […]
Misconfiguration Manager: Detection Updates
TL;DR: The Misconfiguration Manager DETECT section has been updated with relevant guidance to help defensive operators identify the most prolific attack techniques from the Misconfiguration Manager project. Background If you have been following SpecterOps’s offensive security research over the last few years, you may have noticed our interest in targeting attack paths leveraging Microsoft’s Configuration Manager […]
Unwrapping BloodHound v6.3 with Impact Analysis
Just in time for the holidays, sharper tools for faster defense Today, the SpecterOps team rolled out a number of new features, product enhancements, and recommendations intended to help users of BloodHound Enterprise and BloodHound Community Edition more easily visualize attack paths and show improvements in identity risk reduction over time. Scroll down to learn more […]
SPA is for Single-Page Abuse! – Using Single-Page Application Tokens to Enumerate Azure
Author: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entities have begun adopting Azure for their technology needs to include identity, authentication, storage, application management, and web services. One of the most common methods for organizations to begin […]
FedRAMP High Authorization for BloodHound Enterprise is a Critical Win for the Public Sector
Author: David McGuire, CEO, SpecterOps Today, we’re thrilled to announce that SpecterOps has earned FedRAMP High Authorization for BloodHound Enterprise! This is no small achievement, as it makes our BloodHound Enterprise identity security platform available to U.S. government organizations that operate at the FedRAMP High baseline. This shows SpecterOps’ commitment to data security for all […]