blog category
Research & Tradecraft
Research & Tradecraft
ADCS Attack Paths in BloodHound — Part 2
ADCS Attack Paths in BloodHound — Part 2 In Part 1 of this series, we explained how we incorporated...
May 1, 2024 • 13 min read
Read Post
Research & Tradecraft
In August of last year, @tifkin_, @0xdab0, and I released Nemesis, our offensive data enrichment platform....
Apr 25, 2024 • 10 min read
Read Post
Research & Tradecraft
Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and...
Apr 17, 2024 • 35 min read
Read Post
Research & Tradecraft
Rooting out Risky SCCM Configs with Misconfiguration Manager
tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager. Ever...
Apr 11, 2024 • 4 min read
Read Post
Research & Tradecraft
Ghostwriter v4.1: The Custom Fields Update
Let’s dive into what makes this so exciting! There’s so much to cover that we won’t...
Apr 5, 2024 • 7 min read
Read Post
Research & Tradecraft
Getting Intune with Bugs and Tokens: A Journey Through EPM
Written by Zach Stein & Duane Michael SpecterOps Hackathon Back in January, SpecterOps held our annual hackathon...
Apr 2, 2024 • 19 min read
Read Post
Research & Tradecraft
How MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that. At SpecterOps,...
Mar 20, 2024 • 28 min read
Read Post
Research & Tradecraft
Summoning RAGnarok With Your Nemesis
I hope I’m Not Too Late With the explosion of large language model (LLM) use, everyone is...
Mar 13, 2024 • 16 min read
Read Post
Research & Tradecraft
Browserless Entra Device Code Flow
Zugspitze, Bavaria, Germany. Photo by Andrew Chiles Did you know that it is possible to perform every...