The SpecterOps Difference

SpecterOps aspires to set the cadence for the rest of the cyber security industry and bring unique insight and training into advanced threat actor tradecraft. Our team has deep experience built through helping hundreds of clients shut down attack paths and evaluate and develop security operations programs, providing premier adversarial training courses to thousands of students in advanced adversary Tactics, Techniques, and Procedures (TTPs), and sponsoring numerous projects to help the security industry as a whole.

Industry Experts

Our security team consists of some of the most sought-after industry experts, bringing deep knowledge of adversary tradecraft and years of experience in attack path management and improving threat detection and response capabilities across both commercial and government sectors.

Community Contributions

You have likely found many of our team members speaking at industry conferences on the latest adversary tools and techniques, providing numerous research papers and posts, and developing some of the most widely used open-source tools in the industry.

Unsurpassed Transparency

Our team members are at the forefront of security research, and we are always willing to share our knowledge of attack path management, tradecraft analysis, and other adversary tactics. The objective of every solution we offer is to provide our customers with capabilities to improve their own security operations, not only while we’re there, but even after we’re gone.

How we can help

We Outfit Your Organization for Defense

Evaluate

Security Assessment Services

Leveraging expertise built through years of cyber security training, experience and assessments across industries and hundreds of environments, our operators use our understanding of advanced adversary Tactics, Techniques, and Procedures (TTPs) to effectively assess and improve your security posture and ability to respond to today’s sophisticated attacks.

Develop

Program Development

Whether you are building new adversary tradecraft detection and simulation teams or looking to mature existing competencies, we provide an effective approach focused on comprehensively integrating technical components into the overall cyber security operations program, ensuring robust prevention, detection, attack path management, and response capabilities.

Equip

Adversary Training Solutions

The human component to any security program is critical. Building fundamental knowledge and perfecting the skills necessary to protect the enterprise through realistic adversary training is essential to robust security programs. Our cyber security training courses and solutions equip participants with the skills to attack, defend, and harden their environments against advanced threat actors.

Secure

BloodHound Enterprise

From the creators of BloodHound, an Attack Path Management solution that continuously maps and quantifies Active Directory Attack Paths. Remove millions of Attack Paths within your existing architecture and eliminate the attacker’s easiest, most reliable, and most attractive target.

Our Cyber Security Awareness Community

We’re Sharing Our Tools Openly For Our Community

In the spotlight

Security Topics We’re Discussing

Blog

The Security Principle Every Attacker Needs to Follow

Earlier this year, I was tasked with developing a follow-on course for our renowned Adversary Tactics: Red Team Operations course. The new course needed to cover the advanced tradecraft we perform on engagements and teach students how to navigate highly secure environments. I decided to focus on “Identity-Driven Offensive Tradecraft”, which ultimately became the course […]

11 min read | Jul 22
Elad Shamir
Blog

The Security Principle Every Attacker Needs to Follow

Earlier this year, I was tasked with developing a follow-on course for our renowned Adversary Tactics: Red Team Operations course. The new course needed to cover the advanced tradecraft we perform on engagements and teach students how to navigate highly secure environments. I decided to focus on “Identity-Driven Offensive Tradecraft”, which ultimately became the course […]

11 min read | Jul 17
Elad Shamir
Blog

Mythic 3.3 Beta: Rise of the Events

A brief overview of Mythic 3.3’s new features Eventing Flows Mythic 3.3 Updates Mythic 3.3 has too many updates to mention them all here, so if you want a deeper dive into the change log, please check it out on GitHub. Instead, we’re going to focus on the biggest changes and why you should care. Because this Mythic […]

7 min read | Jul 15
Cody Thomas
Blog

Drink Like a Phish

PHISHING SCHOOL How to Make Your Phishing Sites Blend In As you read this, bots are coming to find and destroy your phishing sites. You need to protect them before it’s too late! But how? A phishing page is no good if our targets never get to see it. After bypassing the secure email gateway, convincing a […]

11 min read | Jul 09
Forrest Kasler
Blog

An AWS Administrator Identity Crisis: Part 1

BLUF: Every attack path needs a destination. This is a formalized way of describing destinations in AWS. In cloud providers where we only have data plane access, we divert our focus from an arbitrary definition of administrator to resources we care about. How many administrators are in your AWS environment? Does it even matter? This is seemingly […]

10 min read | Jun 28
hotnops
Blog

I Will Make you Phishers of Men

PHISHING SCHOOL Convincing Targets to Click Your Links When it comes to phishing advice, the number one question I get from co-workers is “what campaigns are you using?”. People see my success, and wish to emulate it. Well, if a phish is what you wish, I would like you to meet my friend Ish: Who am I? […]

20 min read | Jun 25
Forrest Kasler
Blog

Mapping Snowflake’s Access Landscape

Attack Path Management Because Every Snowflake (Graph) is Unique Introduction On June 2nd, 2024, Snowflake released a joint statement with Crowdstrike and Mandiant addressing reports of “[an] ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts.” A SpecterOps customer contacted me about their organization’s response to this campaign and mentioned that there seems […]

27 min read | Jun 13
Jared Atkinson
Blog

Lateral Movement with the .NET Profiler

Lateral Movement with the .NET Profiler The accompanying code for this blogpost can be found HERE. Intro I spend a lot of my free time modding Unity games. Since Unity is written in C#, the games are very easy to work with compared to those that compile to unmanaged code. This makes it a perfect hobby project to […]

7 min read | Jun 11
Daniel Mayer
Blog

Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager

TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs, I present a fully customizable SCCM deployment you can integrate into your home lab. https://github.com/Synzack/ludus_sccm Intro The past couple of years have been an exciting time in Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager [SCCM]) tradecraft. I’ve […]

12 min read | Jun 06
Zach Stein
Blog

Part 14: Sub-Operations

On Detection: Tactical to Functional When the Operation is not Enough Introduction A while back, I was working on deconstructing a standard variation of Token Theft and stumbled into a couple of interesting edge cases that my model still needed to account for. Below is the operation chain for one of the most common Token Impersonation […]

16 min read | Jun 05
Jared Atkinson