SpecterOps Blog

Research & Tradecraft

Machine Learning Series Chapter 1

MICROGRAD FOR MORTALS TL;DR Let’s use Micrograd to explain core ML concepts like supervised learning, regression, classification, loss functions, and…

Requesting Entra ID Tokens with Entra ID SSO Cookies

TL;DR This post explains how to request OAuth tokens and enumerate an Entra ID tenant by using an SSO cookie…

Research & Tradecraft

Misconfiguration Manager: Still Overlooked, Still Overprivileged

TL;DR It has been one year since Misconfiguration Manager’s release and the security community has been hard at work researching…

BloodHound

Good Fences Make Good Neighbors: New AD Trusts Attack Paths in BloodHound

TL;DR The ability of an attacker controlling one domain to compromise another through an Active Directory (AD) trust depends on…

Research & Tradecraft

Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

TL;DR The Incoming Forest Trust Builders group (not AdminSDHolder protected) can create inbound forest trusts with ticket-granting ticket (TGT) delegation…

Research & Tradecraft

Lost in Translation: How L33tspeak Might Throw Sentiment Analysis Models for a Loop

TL;DR Sentiment analysis models are used to assess conventional use of language, but what happens when you engage with them…

Research & Tradecraft

LLMentary, My Dear Claude: Prompt Engineering an LLM to Perform Word-to-Markdown Conversion for Templated Content

While LLMs can expedite parts of the technical writing/editing process, these tools still require human oversight and guidance to provide…

Research & Tradecraft

Ghostwriter v6: Introducing Collaborative Editing

TL;DR: Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS framework, Tiptap editor, and…

Research & Tradecraft

Administrator Protection Review

TL;DR Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an understanding of how this…