Get a Demo

Resources

SpecterOps Projects
Free and Open Source

Research & Insights

Webinar & Report

VIRTUAL

Trends in Identity Attack Path Management

Watch Now

Research

White Papers

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks are still viable and more dangerous than ever, despite the common belief that the problem has been solved or minimized.

Certified Pre-Owned

Explore how Active Directory Certificate Services (AD CS) poses risks, including credential theft and domain escalation, demanding awareness.

An ACE Up the Sleeve

This paper offers technical insights on building backdoors through misconfigured security descriptors, including ACE enumeration, BloodHound mapping, and defensive considerations, with case studies and future research prospects.

A Voyage to Uncovering Telemetry

This paper introduces capability abstraction methodology to enhance detection by dissecting attack techniques and underlying technologies, particularly noting the lack of telemetry on Remote Procedure Calls (RPC), prompting further investigation.

Subverting Sysmon

This paper focuses on assessing security product effectiveness, which necessitates unbiased evaluation. Key considerations include detection coverage, resilience to bypasses, and understanding attacker motivations.

A Process is No One

This paper discusses the varied definitions of hunting in information security and presents a five-step approach to hypothesis-driven hunting, demonstrated through a case study on Access Token Manipulation.

Subverting Trust in Windows

This paper delves into the subjective nature of trust in computer security, emphasizing the need for organizations to meticulously evaluate technology. Understanding trust validation emerges as a pivotal factor for ensuring effective security measures.

Resources

Case Studies

Large Hospitality Organization Welcomes AD Visibility

Sustaining and Continuous Verification of Tier 0 with BloodHound Enterprise

Large European Retailer Turns to BloodHound Enterprise

Free & Open Source

Affiliated Toolsets

Bloodhound Enterprise

BloodHound

Simulation

Merlin

Simulation

Ghost Manager tool simulation

GhostManager

Simulation

Covenant .NET command and control framework

Covenant

Simulation

Mythic Agents command and control platform for red teaming operations

Mythic

Simulation

SharpChromium

Explore

WireTap

Explore

SharpRDP

Explore

SharpChromium

Explore

WireTap

Explore

SharpRDP

Explore

StayKit

Explore

MoveKit

Explore

PowerSCCM

Explore

Uproot

Explore

PowerForensics

Explore

CimSweep

Explore

ACE

Explore

SharpSploit

Explore

PowerSploit

Explore

PortPlow.io

Explore

KeeThief

Explore

Malleable C2

Explore

GhostPack

Explore

Empire

Explore

Domain Hunter

Explore

Cs2modrewrite

Explore

MythicAgents

Explore

Industry Knowledge

Vulnerability Acknowledgements

Vulnerability Participants Reference

CVE-2020-14979 Matt Hand Go to Reference CVE-2020-10747 Julian Catrambone Go to Reference CVE-2020-9913 Cody Thomas Go to Reference CVE-2020-8884 Lee Christensen Go to Reference CVE-2020-0583 Lee Christensen Go to Reference CVE-2019-18631 Lee Christensen Go to Reference CVE-2019–12757 Matt Nelson Go to Reference CVE-2019-13382 Matt Nelson Go to Reference CVE-2019–13142 Matt Nelson Go to Reference CVE-2019-0683 Will Schroeder, Lee Christensen Go to Reference CVE-2018-8200 Matt Graeber Go to Reference CVE-2018-8204 Matt Graeber, Matt Nelson Go to Reference CVE-2018-8414 Matt Nelson Go to Reference CVE-2018-0854 Matt Graeber Go to Reference CVE-2018-8222 Matt Graeber Go to Reference CVE-2018-8221 Matt Graeber Go to Reference CVE-2018-8212 Matt Nelson Go to Reference CVE-2018-8211 Matt Graeber Go to Reference CVE-2018-8126 Matt Nelson Go to Reference CVE-2018-0958 Lee Christensen Go to Reference CVE-2018-0902 Matt Nelson Go to Reference CVE-2018-0884 Lee Christensen Go to Reference CVE-2018-0827 Matt Nelson Go to Reference CVE-2017-8715 Matt Nelson Go to Reference CVE-2017-8625 Matt Nelson Go to Reference CVE-2017-0219 Matt Graeber Go to Reference CVE-2017-0218 Matt Graeber, Matt Nelson Go to Reference CVE-2017-0216 Matt Graeber Go to Reference CVE-2017-0215 Matt Nelson Go to Reference CVE-2017-0007 Matt Nelson Go to Reference CVE-2016-3346 Matt Graeber Go to Reference ADV170021 Matt Nelson Go to Reference

Resources

Datasheets

Go Beyond Traditional Boundaries with Privilege Zones in BloodHound

Strengthen Your Privileged Access Management Solution with Attack Path Management

SpecterOps Services

SpecterOps Training

BloodHound Enterprise

Maturity Assessment

Penetration Testing

Program Development

Red Team Exercises

Red Team Operations

Tradecraft Analysis

Active Directory: Security Fundamentals

Attack Path Assessment

Get Started

Defend Against
Advanced Attacks

Talk to an Expert