AI Isn’t Changing the Game, It’s Speeding It Up: Rethinking Modern Attack Paths Register Now

SpecterOps Blog

Filters

Categories

Clear all
Clear Search
Mapping Deception Solutions With BloodHound OpenGraph  – Configuration Manager

Research & Tradecraft

Mapping Deception Solutions With BloodHound OpenGraph  – Configuration Manager

TL;DR: At SpecterOps, we look at Attack Path Management from multiple perspectives, including those of identifying areas to implement quality…

By: Joshua Prager

20 mins
Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

Research & Tradecraft

Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT

TL;DR – After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than fix the issues. As…

By: Garrett Foster

12 mins
Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM

Research & Tradecraft

Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM

tl;dr: Security researchers have discovered 30+ unique attack techniques targeting SCCM in the past several years, as its widespread control…

By: Chris Thompson

45 mins
SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

Research & Tradecraft

SCCM Hierarchy Takeover via Entra Integration…Because of the Implication

TL;DR SCCM sites (prior to KB35360093) integrated with Entra ID can be abused to compromise the entire hierarchy. Introduction Despite…

By: Garrett Foster

17 mins
Will WebClient Start

Research & Tradecraft

Will WebClient Start

TL;DR WebClient is a common targeted service for NTLM relay attacks. In this post we will cover if it is…

By: Steven Flores

31 mins
HKLM\SYSTEM\Setup\sMarTdEpLoY –  The (Static) Keys to Abusing PDQ SmartDeploy

Research & Tradecraft

HKLM\SYSTEM\Setup\sMarTdEpLoY –  The (Static) Keys to Abusing PDQ SmartDeploy

TL;DR: Prior to version 3.0.2046, PDQ SmartDeploy used static, hardcoded, and universal encryption keys for secure credential storage. Low-privileged users…

By: Garrett Foster

10 mins
Adding MSSQL to BloodHound with OpenGraph

BloodHound

Adding MSSQL to BloodHound with OpenGraph

TL;DR MSSQLHound is a standalone PowerShell collector that adds 7 new nodes and 37 new MSSQL attack path edges to…

By: Chris Thompson

27 mins
I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays

Research & Tradecraft

I’d Like to Speak to Your Manager: Stealing Secrets with Management Point Relays

TL;DR Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by relaying a remote management…

By: Garrett Foster

24 mins
Misconfiguration Manager: Still Overlooked, Still Overprivileged

Research & Tradecraft

Misconfiguration Manager: Still Overlooked, Still Overprivileged

TL;DR It has been one year since Misconfiguration Manager’s release and the security community has been hard at work researching…

By: Duane Michael, Garrett Foster

8 mins

Sign up for the latest updates

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Sign Up For Updates From SpecterOps

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.