Introducing BloodHound 4.3 — Get Global Admin More Often

Ghostwriter is changing! We try to be transparent with our development work, but it has been tricky to make that information accessible. We tried to use a Trello board, blog [...]

For the past two years I’ve been trying to get a grasp on the field of machine learning with the hopes of applying it to both offense and defense. At [...]

The past few years have been incredibly tumultuous and emotionally difficult for us all. As the CEO of SpecterOps, I have felt our employees, customers, and community were best served [...]

In July of 2021, we launched BloodHound Enterprise. Since then, our customers have been using BHE to easily identify and eliminate millions, even billions of attack paths in their on-prem [...]

This post was written by Matt Hand and the rest of the SpecterOps team. Overview SpecterOps is a huge proponent of the “assumed breach” red team execution model where we [...]

Attack Path Management Pillars: Part 3 —Practical AD Security Remediation Guidance Historically, Identity Attack Paths are a double edge sword; remediation efforts can easily break production applications or create more [...]

Loading malicious dylibs into the Tclsh binary Background As detection of osascript command-line executions has increased, I started looking more into alternative forms of payload execution. As a result of this [...]

Introducing BloodHound 4.1 — The Three Headed Hound Prior Work Analyzing Active Directory attack paths using graph theory is not a new concept. Prior work includes the following: Heat-ray by John Dunagan, Alice [...]

Apollo 2.0 — New Year, New Features Introduction At the beginning of 2020, I took my first real foray into programming. Inspired by Cody Thomas’s Mythic, I undertook to, what was unbeknownst to [...]