AI Isn’t Changing the Game, It’s Speeding It Up: Rethinking Modern Attack Paths Register Now

SpecterOps Blog

Filters

Categories

Clear all
Clear Search
WriteAccountRestrictions (WAR) – What is it good for?

Research & Tradecraft

WriteAccountRestrictions (WAR) – What is it good for?

TL;DR A lot of things. The User-Account-Restrictions property grants read/write permissions to the user-account-control LDAP attribute, which can be used…

By: Garrett Foster

20 mins
HKLM\SYSTEM\Setup\sMarTdEpLoY –  The (Static) Keys to Abusing PDQ SmartDeploy

Research & Tradecraft

HKLM\SYSTEM\Setup\sMarTdEpLoY –  The (Static) Keys to Abusing PDQ SmartDeploy

TL;DR: Prior to version 3.0.2046, PDQ SmartDeploy used static, hardcoded, and universal encryption keys for secure credential storage. Low-privileged users…

By: Garrett Foster

10 mins
Adding MSSQL to BloodHound with OpenGraph

BloodHound

Adding MSSQL to BloodHound with OpenGraph

TL;DR MSSQLHound is a standalone PowerShell collector that adds 7 new nodes and 37 new MSSQL attack path edges to…

By: Chris Thompson

27 mins
Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

Research & Tradecraft

Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)

TL;DR The Incoming Forest Trust Builders group (not AdminSDHolder protected) can create inbound forest trusts with ticket-granting ticket (TGT) delegation…

By: Jonas Bülow Knudsen

20 mins
OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

Research & Tradecraft

OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

TL;DR OneLogin was found to have security vulnerabilities in its AD Connector service that exposed authentication credentials and enabled account…

By: Julian Catrambone

11 mins
Understanding & Mitigating BadSuccessor

Research & Tradecraft

Understanding & Mitigating BadSuccessor

TL;DR: BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a…

By: Jim Sykora

24 mins
The Renaissance of NTLM Relay Attacks: Everything You Need to Know

Research & Tradecraft

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved…

By: Elad Shamir

40 mins
Do You Own Your Permissions, or Do Your Permissions Own You?

Research & Tradecraft

Do You Own Your Permissions, or Do Your Permissions Own You?

tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer to listen to a…

By: Chris Thompson

8 mins
Getting the Most Value Out of the OSCP: The PEN-200 Course

Industry Insights

Getting the Most Value Out of the OSCP: The PEN-200 Course

TL;DR In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course…

By: Kieran Croucher

15 mins

Sign up for the latest updates

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Sign Up For Updates From SpecterOps

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.