SpecterOps Blog

Research & Tradecraft

Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser

TL;DR; Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in the UI, database migrations, dynamic…

Research & Tradecraft

Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic

Image Generated by https://hotpot.ai/art-generator Over the past year, I’ve been working on making significant updates to Merlin in my free…

Research & Tradecraft

On Detection: Tactical to Functional

Part 11: Functional Composition Introduction Welcome back to part 11 of the On Detection blog series. This next article serves…

Research & Tradecraft

Part 11: Functional Composition

Research & Tradecraft

Streamlining Devcontainer Workflow: SSH Authentication and Key Signing with 1Password

Research & Tradecraft

Abusing Slack for Offensive Operations: Part 2

When I first started diving into offensive Slack access, one of the best public resources I found was a blog…

Research & Tradecraft

Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)

Introduction Earlier this year, I submitted a pull request to SharpSCCM’s repository. SharpSCCM is a tool that Chris Thompson developed…

Research & Tradecraft

Phishing With Dynamite

Token stealing is getting harder. Instead, stealing whole logged-in browser instances may be an easier and more generic approach. One…

Research & Tradecraft

Domain of Thrones: Part II

Written by Nico Shyne & Josh Prager Introduction Part II In the first installment of “Domain of Thrones,” we meticulously explored an…