Research & Tradecraft

Introducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound

TL;DR: TailscaleHound is an OpenGraph collector for BloodHound that maps Tailscale users, devices, groups, tags, ACLs,...

By: Andrew Luke, Andrew Gomez
May 21, 2026 • 12 min read

Shift Happens – Uncovering Two Built-in Command Injections in Windows Context Menus

TL;DR: Two command injection vulnerabilities exist in the Windows Explorer “Open PowerShell window here” context menu...

By: Remi GASCOU
May 7, 2026 • 14 min read

The Accidental C2: Exploring Dev Tunnels for Remote Access

Dev Tunnels aren’t "just port forwarding". They consist of layers of embedded protocols with RPC messages...

By: Adam Chester
May 6, 2026 • 21 min read

How We Think about Red Teaming

TL;DR: Red teaming means different things to different vendors. We discuss how SpecterOps defines it, why...

By: Russel Van Tuyl
May 6, 2026 • 7 min read

Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail

TL;DR: Google published a blog post with accompanying rainbow tables targeting the Data Encryption Standard (DES)...

By: Skyler Knecht
Apr 16, 2026 • 10 min read

Ghostwriter v6.3.0 and CLI v1.0.0: New Activity Logging, Faster Installs, and Better Writing QA

TL;DR: Ghostwriter v6.3.0 makes day-to-day operations faster and more integrated, with a redesigned activity log that...

By: Christopher Maddalena
Apr 10, 2026 • 11 min read

Janus: Listen to Your Logs

TLDR: Operators are telling you what to build. Janus listens. Every failed command, retry, and workaround...

By: Gavin Kramer
Apr 10, 2026 • 11 min read

ghostsurf: From NTLM Relay to Browser Session Hijacking

TL;DR: ntlmrelayx's SOCKS proxy works great for SMB and MSSQL but fails when you try to...

By: Allen DeMoura
Apr 2, 2026 • 17 min read

Ludus SCCM Lab Expansion

TL;DR: While writing ConfigManBearPig, a PowerShell script that enables collection of SCCM-related attack paths for...

By: Chris Thompson
Apr 1, 2026 • 6 min read