SpecterOps aspires to set the cadence for the rest of the cyber security industry and bring unique insight and training into the advanced threat actor tradecraft. Our team has deep experience built through helping hundreds of clients shut down attack paths, evaluate, and develop security operations programs, providing premier adversarial training courses to thousands of students in advanced adversary Tactics, Techniques, and Procedures (TTPs), and sponsoring numerous projects to help the security industry as a whole.
Our security team consists of some of the most sought-after industry experts, bringing deep knowledge of adversary tradecraft and years of experience in attack path management and improving threat detection and response capabilities across both commercial and government sectors.
You have likely found many of our team members speaking at industry conferences on the latest adversary tools and techniques, providing numerous research papers and posts, and developing some of the most widely used open-source tools in the industry.
Our team members are on the forefront of security research, and we are always willing to share our knowledge of attack path management, tradecraft analysis, and other adversary tactics. The objective of every solution we offer is to provide our customers with capabilities to improve their own security operations, not only while we’re there, but even after we’re gone.
We share our operational knowledge and lessons learned in the cyber security field with your team to hone their skill sets, their efficiency, and ultimately better secure your business.
Leveraging expertise built through years of cyber security training, experience and assessments across industries and hundreds of environments, our operators use our understanding of advanced adversary Tactics, Techniques, and Procedures (TTPs) to effectively assess and improve your security posture and ability to respond to today’s sophisticated attacks.
Whether you are building new adversary tradecraft detection and simulation teams or looking to mature existing competencies, we provide an effective approach focused on comprehensively integrating technical components into the overall cyber security operations program, ensuring robust prevention, detection, Attack Path Management, and response capabilities.
The human component to any security program is critical. Building fundamental knowledge and perfecting the skills necessary to protect the enterprise through realistic adversary training is essential to robust security programs. Our cyber security training courses and solutions equip participants with the skills to attack, defend, and harden their environments against advanced threat actors.
From the creators of BloodHound, an Attack Path Management solution that continuously maps and quantifies Active Directory Attack Paths. Remove millions of Attack Paths within your existing architecture and eliminate the attacker’s easiest, most reliable, and most attractive target.
While LLMs can expedite parts of the technical writing/editing process, these tools still require human oversight and guidance to provide an accurate and helpful response.
TL;DR: Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS framework, Tiptap editor, and Hocuspocus server, enabling multiple users to edit simultaneously without overwriting each other. This feature integrates seamlessly with Ghostwriter’s existing GraphQL API and infrastructure while introducing modern frontend tooling, React-based components, and upgrades to Django, PostgreSQL, […]
TL;DR Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an understanding of how this technology works and how it interacts with existing offensive tooling. While this technology is just a thin wrapper around a separate account, there are a few nuances such as who is permitted to access these […]
TL;DR The BloodHound Query Library is a community-driven collection of Cypher queries designed to help BloodHound Community Edition and BloodHound Enterprise users to unlock the full potential of the flexible BloodHound platform by creating an open query ecosystem. The library is a free tool for the community and you can start using it today at […]
TL;DR Most organizations assume they’ve implemented least privilege, but assumptions don’t stop attackers. Privilege Zones in BloodHound Enterprise lets you define and analyze real-world security boundaries to stop lateral movement and eliminate attack paths across hybrid environments. Organizations assume they have clear privilege boundaries, but those assumptions rarely match reality. Attack paths exist precisely because […]
TL;DR OneLogin was found to have security vulnerabilities in its AD Connector service that exposed authentication credentials and enabled account impersonation. This research showed that attackers could access credentials and signing keys to generate valid JWT tokens, allowing user impersonation. Leaked AWS credentials allowed SpecterOps to register an unclaimed S3 bucket referenced in the OneLogin […]
TL;DR Microsoft has recently changed how Entra Connect Sync authenticates to Entra ID. This blog post will discuss what has been changed and how to adjust attacker tradecraft. Recently, Microsoft changed the way the Entra Connect Connect Sync agent authenticates to Entra ID. These changes affect attacker tradecraft, as we can no longer export the […]
TL;DR In an effort to learn about Model Context Protocol servers, I created a MCP server that allows Claude Desktop to access and analyze data contained with a running instance of BloodHound Community Edition. This MCP is recommended to be used with Lab or Example data. Future releases will have Local LLM support. Introduction During […]
TL;DR Tokenization Confusion: We look at the new Prompt Guard 2 model from Meta, how “confusing” Unigram tokenization can lead to misclassification of malicious prompts, and why building up our ML knowledge will lead to better findings when assessing LLM API’s. Recently, upon getting ready to board a flight across the Atlantic, I was deciding […]
TL;DR In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. Introduction Throughout this series, I’ve shared practical advice for PEN-200: Penetration Testing with Kali Linux students seeking to maximize the professional, educational, and financial value of pursuing […]
