Closing the Gaps: How Attack Path Management Improves Vulnerability Management Programs
In conversation: Pete McKernan & Luke Luckett As organizations seek to wrap their arms around potential cybersecurity exposures, CIOs and CISOs are increasingly pushing their vulnerability management teams to widen scope. With such a focus, the growing concept of continuous threat exposure management (CTEM) aims to prioritize whatever most threatens the enterprise, whether or not such […]
Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound
Ghostwriter v4.3 is available now, and it enhances features introduced in previous versions of v4 in some exciting ways! In particular, this article will dive into how you can integrate a tool like BloodHound Community Edition (BHCE) with Ghostwriter v4.3. First, we would be remiss if we did not mention the refreshed single sign-on (SSO) feature. […]
ADCS Attack Paths in BloodHound — Part 3
ADCS Attack Paths in BloodHound — Part 3 In Part 1 of this series, we explained how we incorporated Active Directory Certificate Services (ADCS) objects into BloodHound and demonstrated how to effectively use BloodHound to identify attack paths, including the ESC1 domain escalation technique. Part 2 covered the Golden Certificates and the ESC3 techniques. In this blog post, […]
Mythic 3.3 — Out of Beta Mythic 3.3 was released in a Beta six weeks ago, and since then there has been a bunch of feedback, not just about new Mythic 3.3 features but about the framework overall. Now that Mythic is exiting Beta and going to a full release, I wanted to take a moment and highlight […]
Ghostwriter ❤ Tool Integration
Incorporating new components into existing systems is such a pain, this process has been labeled “Integration Hell”. To ease tool integration, Ghostwriter v3.0.0 shipped with a GraphQL API. This API allows outside entities to easily query and manipulate Ghostwriter’s data. In this blogpost, we’ll use our Operation Log Generator to demonstrate the capabilities of this API. […]
Life at SpecterOps: The Red Team Dream
TL;DR We are hiring consultants at various levels. The job posting can be found under the Consultant opening here: https://specterops.io/careers/#careers Introduction Hey there! I’m Duane Michael, a Managing Consultant and red teamer at SpecterOps. Over the past four years, I’ve had a front-row seat to the company’s incredible journey. In that time, we’ve grown by […]
PHISHING SCHOOL A Decade of Distilled Phishing Wisdom I decided to give away all of my phishing secrets for free. I realized at some point that I have been giving away phishing secrets for years, but only to select individuals, and only one at a time. That method of knowledge dissemination is terribly inefficient! So here […]
Sleeping With the Phishes
Hiding C2 With Stealthy Callback Channels Write a custom command and control (C2) implant — Check ✅ Test it on your system — Check ✅ Test it in a lab against your client’s endpoint detection and response (EDR) product — Check ✅ Convince a target to download the payload — Check ✅ Get your hard […]
BloodHound Operator — Dog Whispering Reloaded
BloodHound Operator — Dog Whispering Reloaded It’s summer 2024 and we are back! Actually, we are SO back, so I decided that this required a little blog post. If you like BloodHound & PowerShell, and if you want to automate all the BloodHound things, this post is written for you. In the last part, I’ll be sharing a […]
Hybrid Attack Paths, New Views and your favorite dog learns an old trick
Introducing Hybrid Attack Paths Death from Above: An Attack Path from Azure to Active Directory With BloodHound When we introduced Azure Attack Paths into BloodHound, they were added as a completely separate sub-graph. At no point did Active Directory (AD) and Azure connect within a BloodHound dataset. Ever since adding Azure (honestly, even before that), we’ve […]