Trainings, talks, and more with a Halloween twist at Specter Bash, Oct 7-10!
Learn more
Services
PROGRAM DEVELOPMENT
Overview
Developing Capabilities
Expert Support
Assessments
Penetration Testing
Red Team Engagements
Purple Team Assessments
Maturity Assessments
AD Attack Path Assessments
Products
BLOODHOUND
BloodHound
Community Edition
Overview
GitHub
Get Started
BloodHound
Enterprise
Overview
What is Attack Path Management?
Interactive Demos
BloodHound Feature Comparison
Use Cases
BloodHound Enterprise for Government
Privileged Access Governance and Compliance
Scaling Beyond BloodHound Community Edition
Eliminate Lateral Movement and Privilege Escalation
Manage Identity Risk
Mergers and Acquisitions
Support
Get a Demo
Go to Slack
Training
Adversary Tactics Training Courses
Red Team Operations
Identity-Driven Offensive Tradecraft
Tradecraft Analysis
Detection
Vulnerability Research for Operators
Active Directory Security Fundamentals
Azure Security Fundamentals
Private Training
Talk to us
Partners
SpecterOps
Partner Program
Identify your customers attack paths
before attackers do
Become a Partner
Partner Portal Sign In
About
ABOUT US
Who We Are
Values
Team
Careers
News
Announcements
Newsroom
Resources
White Papers
Case Studies
Sponsored Tools
Vulnerability Acknowledgements
Datasheets
Blog
Events
Sponsored Events
Talks
Training Courses
Webinars
Meet Ups
Contact Us
FEATURED BLOG
ADCS Attack Paths in BloodHound — Part 3
Read Post
See All Posts
All
Active Directory
Active Directory Security
Attack Path Management
Azure
Azure Active Directory
Blog
Bloodhound
Bloodhound Enterprise
Credentials
Cybersecurity
Hacking
Information Security
Linux
Microsoft
Offensive Security
Penetration Testing
Ransomware
Red Team
Research
Solutions
Windows
Search
Blog
Latest Posts
Explore on Medium
3 Min Read | Aug 03
BloodHound Enterprise Learns Some New Tricks
Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection [...]
13 Min Read | Aug 02
Challenges In Post-Exploitation Workflows
In our previous post, we talked about the problem of structured data in the post-exploitation community. We touched on the existing relationship between our tools and data and covered some [...]
5 Min Read | Aug 01
Your new best friend: Introducing BloodHound Community Edition
8 Min Read | Jul 26
On (Structured) Data
Introduction The offensive security industry is a curious one. On the one hand, we are ahead in various trends (or “thought leadership,” as some would have us term it) and [...]
8 Min Read | Jul 11
Performance, Diagnostics, and WMI
Windows offers tons of useful tools that administrators can leverage to perform their daily jobs. A lot of times, those tools are looked at from an offensive standpoint and use [...]
9 Min Read | Jun 28
Sowing Chaos and Reaping Rewards in Confluence and Jira
Introduction Let me paint a picture for you. You’re on a red team operation, operating from your favorite C2, and have just landed on a user’s workstation. You decide to [...]
11 Min Read | Jun 22
What is Tier Zero — Part 1
9 Min Read | Jun 12
Understanding Telemetry: Kernel Callbacks
15 Min Read | Jun 07
Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution
PREV
<
6
7
8
9
10
11
12
>
NEXT
Get Started
Defend Against
Advanced Attacks
Talk to an Expert