Introducing BloodHound Scentry: Accelerate your APM practice. Learn More

  • Contact Us
  • Support
  • Blog
SpecterOps
Book a Demo
  • Platform
    • BloodHound Enterprise

      Advance from mapping to eliminating attack paths with the enterprise platform that delivers at scale

      Identity Attack Path Management
      Privilege Zones
      BloodHound Scentry
      Integrations
      Interactive Demo
      APM Maturity Assessment Tool

      BloodHound Community Edition

      Start mapping attack paths with the open-source tool that started it all

      GitHub
      OpenGraph
      Documentation
      Join the Community on Slack

      BloodHound Scentry

      Accelerate your APM practice and reduce identity risk with expert guidance to protect your critical assets.

      Read More
  • Services & Tradecraft
    • OFFENSIVE SERVICES

      Red Team
      Purple Team
      AI Red Team
      Penetration Testing
      Maturity Assessments
      Attack Path Assessment

      TRAINING

      Adversary Tactics

      Red Team Operations
      Identity-Driven Offensive Tradecraft
      Detection
      Tradecraft Analysis

      Adversary Perspectives

      Active Directory
      Azure

      TRAININGS

      SO-CON 2026

      Master in-demand skills with our specialized courses at SO-CON 2026.

      Register Now
  • Solutions
    • SOLUTIONS

      Privileged Access Governance & Compliance
      Eliminate Lateral Movement
      Manage Identity Risk
      Secure Scaling
      Mergers & Acquisitions

      INDUSTRIES

      Public Sector
      Healthcare
      Financial Services

      PARTNERS & INTEGRATIONS

      Partners
      Integrations

      RESOURCES

      Attack Path Management Maturity Model

      Evaluate your ability to stop identity-based attacks

      Read the Whitepaper
  • Community
    • Our Commitment to 
Open Source

      Committed to advancing the community through open source contributions, cutting-edge research, and knowledge sharing

      OPEN SOURCE TOOLS

      BloodHound Community Edition
      Mythic
      Ghostwriter
      Nemesis 2.0
      See All Tools

      Join the Conversation

      Learn from others and share your story on the BloodHoundGang Slack Community

      Connect with us

      OPEN SOURCE RESEARCH

      Ghostwriter illustration

      Collaborative Editing

      Ghostwriter now supports real-time collaborative editing for observation...

      More Info
  • Company
    • ABOUT US

      Why SpecterOps
      News

      GET IN TOUCH

      Careers
      Contact Us

      PRESS RELEASE

      Specter Ops logo on a blue background

      SpecterOps and Tines Partner to Automate Attack Path Management with Native BloodHound Integration

      Learn More

      FEATURED EVENT

      SO-CON 2026

      Conference: April 13-14, 2026
      Training: April 15-18, 2026

      Register
  • Resources
    • RESEARCH

      Case Studies
      White Papers
      Tools
      Datasheets
      Podcasts
      View All

      BLOG

      Research & Tradecraft
      BloodHound
      Industry Insights
      Company Updates
      View All

      EVENTS

      SpecterOps Events
      SO-CON
      Webinars
      Meetups
      Talks
      View All

      BLOG

      Specter Ops logo on a blue background

      Fueling the Fight Against Identity Attacks

      When we founded SpecterOps, one of our core principles was to build a...

      Read article

      RESOURCES

      The Renaissance of NTLM Relay Attacks

      NTLM relay attacks have been around for a long time. While many security...

      Read the Whitepaper
  • Book a Demo
  • Contact Us
    Support
    Blog
  • Book a Demo
  • Platform
    • BloodHound Enterprise

      Advance from mapping to eliminating attack paths with the enterprise platform that delivers at scale

      Identity Attack Path Management
      Privilege Zones
      BloodHound Scentry
      Integrations
      Interactive Demo
      APM Maturity Assessment Tool

      BloodHound Community Edition

      Start mapping attack paths with the open-source tool that started it all

      GitHub
      OpenGraph
      Documentation
      Join the Community on Slack

      BloodHound Scentry

      Accelerate your APM practice and reduce identity risk with expert guidance to protect your critical assets.

      Read More
  • Services & Tradecraft
    • OFFENSIVE SERVICES

      Red Team
      Purple Team
      AI Red Team
      Penetration Testing
      Maturity Assessments
      Attack Path Assessment

      TRAINING

      Adversary Tactics

      Red Team Operations
      Identity-Driven Offensive Tradecraft
      Detection
      Tradecraft Analysis

      Adversary Perspectives

      Active Directory
      Azure

      TRAININGS

      SO-CON 2026

      Master in-demand skills with our specialized courses at SO-CON 2026.

      Register Now
  • Solutions
    • SOLUTIONS

      Privileged Access Governance & Compliance
      Eliminate Lateral Movement
      Manage Identity Risk
      Secure Scaling
      Mergers & Acquisitions

      INDUSTRIES

      Public Sector
      Healthcare
      Financial Services

      PARTNERS & INTEGRATIONS

      Partners
      Integrations

      RESOURCES

      Attack Path Management Maturity Model

      Evaluate your ability to stop identity-based attacks

      Read the Whitepaper
  • Community
    • Our Commitment to 
Open Source

      Committed to advancing the community through open source contributions, cutting-edge research, and knowledge sharing

      OPEN SOURCE TOOLS

      BloodHound Community Edition
      Mythic
      Ghostwriter
      Nemesis 2.0
      See All Tools

      Join the Conversation

      Learn from others and share your story on the BloodHoundGang Slack Community

      Connect with us

      OPEN SOURCE RESEARCH

      Ghostwriter illustration

      Collaborative Editing

      Ghostwriter now supports real-time collaborative editing for observation...

      More Info
  • Company
    • ABOUT US

      Why SpecterOps
      News

      GET IN TOUCH

      Careers
      Contact Us

      PRESS RELEASE

      Specter Ops logo on a blue background

      SpecterOps and Tines Partner to Automate Attack Path Management with Native BloodHound Integration

      Learn More

      FEATURED EVENT

      SO-CON 2026

      Conference: April 13-14, 2026
      Training: April 15-18, 2026

      Register
  • Resources
    • RESEARCH

      Case Studies
      White Papers
      Tools
      Datasheets
      Podcasts
      View All

      BLOG

      Research & Tradecraft
      BloodHound
      Industry Insights
      Company Updates
      View All

      EVENTS

      SpecterOps Events
      SO-CON
      Webinars
      Meetups
      Talks
      View All

      BLOG

      Specter Ops logo on a blue background

      Fueling the Fight Against Identity Attacks

      When we founded SpecterOps, one of our core principles was to build a...

      Read article

      RESOURCES

      The Renaissance of NTLM Relay Attacks

      NTLM relay attacks have been around for a long time. While many security...

      Read the Whitepaper
  • Book a Demo
  • Contact Us
    Support
    Blog
  • Book a Demo

Matt Nelson

See the latest by Matt Nelson

CVE-2023–4632: Local Privilege Escalation in Lenovo System Updater

Research & Tradecraft

CVE-2023–4632: Local Privilege Escalation in Lenovo System Updater

Version: Lenovo Updater Version <= 5.08.01.0009 Operating System Tested On: Windows 10 22H2 (x64) Vulnerability: Lenovo System Updater Local Privilege…

By: Matt Nelson

5 mins

CVE-2019–12757: Local Privilege Escalation in Symantec Endpoint Protection

Research & Tradecraft

CVE-2019–12757: Local Privilege Escalation in Symantec Endpoint Protection

By: Matt Nelson

5 mins

Avira Optimizer Local Privilege Escalation

Research & Tradecraft

Avira Optimizer Local Privilege Escalation

By: Matt Nelson

8 mins

CVE-2019–13382: Local Privilege Escalation in SnagIt

Research & Tradecraft

CVE-2019–13382: Local Privilege Escalation in SnagIt

By: Matt Nelson

9 mins

CVE-2019–13142: Razer Surround 1.1.63.0 EoP

Research & Tradecraft

CVE-2019–13142: Razer Surround 1.1.63.0 EoP

By: Matt Nelson

5 mins

Razer Synapse 3 Elevation of Privilege

Research & Tradecraft

Razer Synapse 3 Elevation of Privilege

By: Matt Nelson

9 mins

CVE-2018–8414: A Case Study in Responsible Disclosure

Research & Tradecraft

CVE-2018–8414: A Case Study in Responsible Disclosure

By: Matt Nelson

13 mins

CVE-2018–8212: Device Guard/CLM bypass using MSFT_ScriptResource

Research & Tradecraft

CVE-2018–8212: Device Guard/CLM bypass using MSFT_ScriptResource

Device Guard and the enlightened scripting environments that come with it are a lethal combination for disrupting attacker activity. Device…

By: Matt Nelson

4 mins

The Tale of SettingContent-ms Files

Research & Tradecraft

The Tale of SettingContent-ms Files

By: Matt Nelson

10 mins

Page 1 / 3
SpecterOps

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Sign Up For Updates From SpecterOps

Platform

BloodHound Enterprise
BloodHound Community Edition

Services and Tradecraft

Offensive Services

TRAINING

Red Team Operations
Identity-Driven Offensive Tradecraft
Detection
Tradecraft Analysis
Active Directory
Azure

Solutions

SOLUTIONS

Privileged Access Governance and Compliance
Eliminate Lateral Movement
Manage Identity Risk
Secure Scaling
Mergers & Acquisitions

INDUSTRIES

Public Sector
Healthcare
Financial Services

PARTNERS & INTEGRATIONS

Partners
Integrations

Resources

Research
Blog
Events
Podcasts
Open Source Tools

Company

Why SpecterOps
News
Careers
Contact

Copyright 2026 Specter Ops, Inc. All Rights Reserved.

Terms of Service
|
Privacy Policy
|
Trust Center