What is Tier Zero — Part 2
Round 2! This is Part 2 of our webinar and blog post series Defining the Undefined: What is Tier Zero. In Part 1, we gave an introduction to the topic and explained why the reader should care. We discussed Microsoft’s original list of Tier Zero Active Directory (AD) groups, and we defined […]
Shadow Wizard Registry Gang: Structured Registry Querying
Why Do We Need New Tooling for Registry Collection? The Windows registry, an intricate database storing settings for both the operating system and the applications that run on it, is a treasure trove of valuable information. It is known. For this reason, countless offensive security tools have emerged to query the Windows registry, especially for […]
Site Takeover via SCCM’s AdminService API
tl;dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover. Prior Work and Credit: Before I get started, I’d like to acknowledge some of the work previously done that inspired researching SCCM. Chris Thompson previously covered multiple issues involving SCCM, including a site takeover primitive via MSSQL, and […]
BloodHound Community Edition: A New Era
I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! What you need to know: The free and open-source version of BloodHound is now known as BloodHound CE and will remain free and open-source forever under the Apache 2.0 License BloodHound CE now shares a common code base and documentation with BloodHound Enterprise (BHE), and […]
BloodHound Enterprise Learns Some New Tricks
Summary: The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure; built-in support for offline data collection (i.e., control systems or acquisition use cases); expanded capabilities for pathfinding. BloodHound Enterprise customers will get access to these features on Monday, August 7, 2023, and […]
Your new best friend: Introducing BloodHound Community Edition
Summary: SpecterOps is pleased to announce BloodHound Community Edition (CE) will be available in early access on August 8, 2023! In this blog: BloodHound is now BloodHound CE; new name, slightly different look, same purpose and capability. BloodHound CE has new features and is based on the BloodHound Enterprise (BHE) code base. As a result, BloodHound CE […]
Introduction: The offensive security industry is a curious one. On the one hand, we are ahead in various trends (or “thought leadership,” as some would have us term it) and are used to literally “moving fast and breaking things.” On the other hand, we’re far behind similar disciplines. One major area where offensive security has […]
Performance, Diagnostics, and WMI
Windows offers tons of useful tools that administrators can leverage to perform their daily jobs. A lot of times, those tools are looked at from an offensive standpoint and use cases for them are discovered. Earlier this year I read a message from a co-worker Lee Christensen (@tifkin_) about Service Performance DLLs and upon further […]
Sowing Chaos and Reaping Rewards in Confluence and Jira
Introduction: Let me paint a picture for you. You’re on a red team operation, operating from your favorite C2, and have just landed on a user’s workstation. You decide to take a look at their DNS cache to get a list of internal resources the user has been browsing and as you look through the […]
What is Tier Zero — Part 1
Tier Zero is a crucial group of assets in Active Directory (AD) and Azure. Its purpose is to protect the most critical components by creating a security boundary and preventing a complete compromise. Defining Tier Zero for your environment is not a straightforward task. It involves examining various assets and their […]