Blog

Getting the Most Value Out of the OSCP: The Exam

A practical guide to maximizing the short- and long-term benefits of your upcoming OSCP exam attempt(s)....

Apr 22, 2025 • 19 min read

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. While many security practitioners think NTLM...

Apr 8, 2025 • 40 min read

The SQL Server Crypto Detour

As part of my role as Service Architect here at SpecterOps, one of the things I’m...

Apr 8, 2025 • 12 min read

An Operator’s Guide to Device-Joined Hosts and the PRT Cookie

About five years ago, Lee Chagolla-Christensen shared a blog detailing the research and development process behind...

Apr 7, 2025 • 15 min read

Do You Own Your Permissions, or Do Your Permissions Own You?

tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer...

Mar 26, 2025 • 8 min read

Getting the Most Value Out of the OSCP: The PEN-200 Labs

How to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer:...

Mar 25, 2025 • 16 min read

Getting Started with BHE — Part 2

Contextualizing Tier Zero TL;DR An accurately defined Tier Zero provides an accurate depiction of Attack Path Findings...

Mar 19, 2025 • 10 min read

Getting Started with BHE — Part 1

Understanding Collection, Permissions, and Visibility of Your Environment TL;DR Attack Path visibility is dependent upon scope...

Mar 12, 2025 • 6 min read

Decrypting the Forest From the Trees

TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If...

Mar 6, 2025 • 10 min read