blog category
Blog
Blog
Getting the Most Value Out of the OSCP: The Exam
A practical guide to maximizing the short- and long-term benefits of your upcoming OSCP exam attempt(s)....
Apr 22, 2025 • 19 min read
Read Post
Blog
The Renaissance of NTLM Relay Attacks: Everything You Need to Know
NTLM relay attacks have been around for a long time. While many security practitioners think NTLM...
Apr 8, 2025 • 40 min read
Read Post
Blog
As part of my role as Service Architect here at SpecterOps, one of the things I’m...
Apr 8, 2025 • 12 min read
Read Post
Blog
An Operator’s Guide to Device-Joined Hosts and the PRT Cookie
About five years ago, Lee Chagolla-Christensen shared a blog detailing the research and development process behind...
Apr 7, 2025 • 15 min read
Read Post
Blog
Do You Own Your Permissions, or Do Your Permissions Own You?
tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer...
Mar 26, 2025 • 8 min read
Read Post
Blog
Getting the Most Value Out of the OSCP: The PEN-200 Labs
How to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer:...
Mar 25, 2025 • 16 min read
Read Post
Blog
Getting Started with BHE — Part 2
Contextualizing Tier Zero TL;DR An accurately defined Tier Zero provides an accurate depiction of Attack Path Findings...
Mar 19, 2025 • 10 min read
Read Post
Blog
Getting Started with BHE — Part 1
Understanding Collection, Permissions, and Visibility of Your Environment TL;DR Attack Path visibility is dependent upon scope...
Mar 12, 2025 • 6 min read
Read Post
Blog
Decrypting the Forest From the Trees
TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If...