Research & Tradecraft

CVE-2026-4387: StrongDM State File Reuse

TL;DR: An attacker could transfer StrongDM state files, which hold session authentication information, between hosts...

By: Hope Walker
Jun 1, 2026 • 9 min read

The Case for Practicing Response Before You Need It

TL;DR: Building a security program and exercising it are not the same investment. Most organizations prioritize the...

By: Russel Van Tuyl
May 28, 2026 • 7 min read

Don’t Jump the Turnstile: Lessons from the Field

TL;DR: Phishing sandboxes are a pain. Cloudflare Turnstile can be used as an effective solution to...

By: Zach Stein
May 28, 2026 • 15 min read

Introducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound

TL;DR: TailscaleHound is an OpenGraph collector for BloodHound that maps Tailscale users, devices, groups, tags, ACLs,...

By: Andrew Luke, Andrew Gomez
May 21, 2026 • 12 min read

Shift Happens – Uncovering Two Built-in Command Injections in Windows Context Menus

TL;DR: Two command injection vulnerabilities exist in the Windows Explorer “Open PowerShell window here” context menu...

By: Remi GASCOU
May 7, 2026 • 14 min read

The Accidental C2: Exploring Dev Tunnels for Remote Access

Dev Tunnels aren’t "just port forwarding". They consist of layers of embedded protocols with RPC messages...

By: Adam Chester
May 6, 2026 • 21 min read

How We Think about Red Teaming

TL;DR: Red teaming means different things to different vendors. We discuss how SpecterOps defines it, why...

By: Russel Van Tuyl
May 6, 2026 • 7 min read

Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail

TL;DR: Google published a blog post with accompanying rainbow tables targeting the Data Encryption Standard (DES)...

By: Skyler Knecht
Apr 16, 2026 • 10 min read

Ghostwriter v6.3.0 and CLI v1.0.0: New Activity Logging, Faster Installs, and Better Writing QA

TL;DR: Ghostwriter v6.3.0 makes day-to-day operations faster and more integrated, with a redesigned activity log that...

By: Christopher Maddalena
Apr 10, 2026 • 11 min read