blog category
Research & Tradecraft
Research & Tradecraft
TL;DR Tokenization Confusion: We look at the new Prompt Guard 2 model from Meta, how “confusing”...
By: Adam Chester
Jun 3, 2025 • 20 min read
Read Post
Research & Tradecraft
Getting the Most Value Out of the OSCP: After the Exam
In the final post of this series, I’ll discuss what to do after your latest exam...
By: kieran croucher
Jun 2, 2025 • 20 min read
Read Post
Research & Tradecraft
TL;DR: This post shows how COM hijacking can serve as a reliable persistence method while also...
By: Antero Guy
May 28, 2025 • 7 min read
Read Post
Research & Tradecraft
Understanding & Mitigating BadSuccessor
TL;DR: BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can...
By: Jim Sykora
May 27, 2025 • 24 min read
Read Post
Research & Tradecraft
As part of my role as Service Architect here at SpecterOps, one of the things I’m...
By: Adam Chester
Apr 8, 2025 • 12 min read
Read Post
Research & Tradecraft
An Operator’s Guide to Device-Joined Hosts and the PRT Cookie
About five years ago, Lee Chagolla-Christensen shared a blog detailing the research and development process behind...
By: Matt Creel
Apr 7, 2025 • 15 min read
Read Post
Research & Tradecraft
Do You Own Your Permissions, or Do Your Permissions Own You?
tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer...
By: Chris Thompson
Mar 26, 2025 • 8 min read
Read Post
Research & Tradecraft
Getting Started with BHE — Part 2
Contextualizing Tier Zero TL;DR An accurately defined Tier Zero provides an accurate depiction of Attack Path Findings...