SpecterOps Blog

Research & Tradecraft

Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail

TL;DR: Google published a blog post with accompanying rainbow tables targeting the Data Encryption Standard (DES) key space. The tables…

BloodHound

What’s New in the BloodHound Query Library: BYOL, OpenGraph, Multi-Server, and More

BloodHound Query Library - queries.bloodhound.io - update details: import custom query sources & shipping with three OpenGraph extension sources (Jamf,…

BloodHound

BloodHound 9.0 — Product Updates

Two weeks ago, we announced the new BloodHound Enterprise with OpenGraph extensions to extend attack path management to environments like…

BloodHound

BloodHound Has Changed. Your Course Probably Hasn’t.

BloodHound has moved fast and not all courses have kept up. If you create or maintain a course or training…

Research & Tradecraft

Ghostwriter v6.3.0 and CLI v1.0.0: New Activity Logging, Faster Installs, and Better Writing QA

TL;DR: Ghostwriter v6.3.0 makes day-to-day operations faster and more integrated, with a redesigned activity log that ties actions directly to…

Research & Tradecraft

Janus: Listen to Your Logs

TLDR: Operators are telling you what to build. Janus listens. Every failed command, retry, and workaround during an engagement is…

Mythos, Machine-Speed Exploitation, and the Growing Importance of Identity Attack Paths

When Anthropic announced Mythos and the associated rollout plan, it sparked an immediate wave of discussion across the cybersecurity community.…

Industry Insights

AI Red Teaming Still Comes Back to Identity, Access, and Attack Paths 

Most enterprise AI system risk is not a novel model failure; it’s familiar security failure modes showing up in systems…

Research & Tradecraft

ghostsurf: From NTLM Relay to Browser Session Hijacking

TL;DR: ntlmrelayx‘s SOCKS proxy works great for SMB and MSSQL but fails when you try to browse a web application…