FEATURED BLOG
Introducing BloodHound 4.3 — Get Global Admin More Often
Blog
All Posts
6 Min Read | Mar 15
Uncovering Windows Events
Threat Intelligence ETW: Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs. One provider that is commonly leveraged by vendors [...]
9 Min Read | Feb 15
Abusing Azure App Service Managed Identity Assignments
Intro Azure App Service is a Platform-as-a-Service product that promises to improve web application deployment, hosting, availability, and security. Web Apps hosted by Azure App Service are organized into Azure [...]
8 Min Read | Feb 10
Telemetry Layering
Introduction Creating detections can be challenging. There often isn’t a “simple” way to detect something, and once we see an event that seems to correlate with the activity we are [...]
4 Min Read | Feb 08
Ghostwriter v3.2 Release
SpecterOps has released Ghostwriter v3.2 with some significant enhancements we think you’ll like. We overhauled how you interact with operation logs and added support for tagging clients, projects, reports, findings, [...]
15 Min Read | Jan 25
At the Edge of Tier Zero: The Curious Case of the RODC
The read-only Domain Controller (RODC) is a solution that Microsoft introduced for physical locations that don’t have adequate security to host a Domain Controller but still require directory services for [...]
9 Min Read | Jan 18
The Defender’s Guide to Windows Services
It’s dangerous to find malicious services alone! Take this! Authors: Luke Paine & Jonathan Johnson Introduction This is the second installment of the Defender’s Guide series. In keeping with the theme, we [...]
7 Min Read | Jan 12
SCCM Site Takeover via Automatic Client Push Installation
tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation. While reading SCCM Current Branch Unleashed and stepping through the site installation process, I found something interesting — the primary site [...]
13 Min Read | Dec 21
Passwordless Persistence and Privilege Escalation in Azure
Adversaries are always looking for stealthy means of maintaining long-term and stealthy persistence and privilege in a target environment. Certificate-Based Authentication (CBA) is an extremely attractive persistence option in Azure [...]
6 Min Read | Dec 01
Stalking inside of your Chromium Browser
Revisiting Remote Debugging Okay, you got your favorite agent running on the target machine. You did a process listing, but nothing interesting popped out. You searched through every possible thing, [...]