Introducing BloodHound Scentry: Accelerate your APM practice. Learn More
blog category

Research & Tradecraft

image for Ghostwriter v6.1 — Playing Fetch with BloodHound

Research & Tradecraft

Ghostwriter v6.1 — Playing Fetch with BloodHound

Ghostwriter v6.1 introduces a full-featured BloodHound integration that lets you import BloodHound data and findings directly within your projects, alongside new collaborative project notes, upgraded caption editor objects,...

By: Christopher Maddalena
Dec 5, 2025 • 6 min read
Read Post
image for Mapping Deception Solutions With BloodHound OpenGraph  – Configuration Manager

Research & Tradecraft

Mapping Deception Solutions With BloodHound OpenGraph  – Configuration Manager

TL;DR: At SpecterOps, we look at Attack Path Management from multiple perspectives, including those of identifying...

By: Joshua Prager
Feb 19, 2026 • 20 min read
Read Post
image for STOP THE CAP: Making Entra ID Conditional Access Make Sense Offline

Research & Tradecraft

STOP THE CAP: Making Entra ID Conditional Access Make Sense Offline

TL;DR: Conditional Access is powerful but hard to reason about once policies start to overlap. CAPSlock...

By: Lee Robinson
Feb 17, 2026 • 18 min read
Read Post
image for V8 Heap Archaeology: Finding Exploitation Artifacts in Chrome’s Memory

Research & Tradecraft

V8 Heap Archaeology: Finding Exploitation Artifacts in Chrome’s Memory

TL;DR : This post aims to introduce readers to the anatomy and detection of JavaScript memory corruption...

By: Liam D.
Feb 11, 2026 • 17 min read
Read Post
image for Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile

Research & Tradecraft

Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile

TL;DR: Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services....

By: Andrew Gomez, Allen DeMoura
Jan 30, 2026 • 10 min read
Read Post
image for Hacking Humans: Social Engineering and the Psychology

Research & Tradecraft

Hacking Humans: Social Engineering and the Psychology

TL;DR : Social engineering engagements are the most exciting and heart pumping, “in my opinion”. It...

By: John Wotton
Jan 23, 2026 • 12 min read
Read Post
image for Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

Research & Tradecraft

Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

TL;DR – After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than...

By: Garrett Foster
Jan 21, 2026 • 12 min read
Read Post
image for Updates to the MSSQLHound OpenGraph Collector for BloodHound

Research & Tradecraft

Updates to the MSSQLHound OpenGraph Collector for BloodHound

tl;dr: MSSQLHound, a PowerShell script that collects security information from remote MSSQL Server instances, now scans...

By: Chris Thompson
Jan 20, 2026 • 7 min read
Read Post
image for One WSL BOF to Rule Them All

Research & Tradecraft

One WSL BOF to Rule Them All

TL;DR – Windows Subsystem for Linux (WSL) is a powerful way for attackers to hide from...

By: Daniel Mayer
Jan 16, 2026 • 14 min read
Read Post
image for MSSQL and SCCM Elevation of Privilege Vulnerabilities

Research & Tradecraft

MSSQL and SCCM Elevation of Privilege Vulnerabilities

TL;DR: I found two privilege escalation vulnerabilities, one in MSSQL (CVE-2025-49758) and one in Microsoft Configuration...

By: Chris Thompson
Jan 15, 2026 • 16 min read
Read Post