Join SpecterOps at
Black Hat USA 2024 & DEF CON 32

Get a personalized demo at the SpecterOps booth

SEE SPECTEROPS AT BLACK HAT USA 2024

Visit us at Booth #2600

Interested in speaking with the creators of your beloved open-source tools such as BloodHound Community Edition, Mythic, and Nemesis? Come visit us at our booth!

As experts in Identity Attack Path Management, we provide premier solutions, services, research, open-source tools, and training, all grounded in a deep understanding of adversary tradecraft. Additionally, discover how BloodHound Enterprise can streamline mitigation efforts, eliminate millions of Attack Paths, and enhance your security posture.

join our SpecterOps Party

Let The Good Times Roll:
A SpecterOps Bowling Party

Ready to kick off Black Hat with a bang? Or maybe you’re here for Defcon? Either way, come hang out with SpecterOps at our epic bowling party at Brooklyn Bowl in Las Vegas!

We’ll have drinks, tasty food, and good convos. And we don’t mean to brag, but our parties are kind of fun… 😎 so you don’t want to miss out!

Registrations will be checked at the door, so please make sure you RSVP. All guests will receive an exclusive swag item.

Due to venue size, admittance is not guaranteed if we exceed headcount. Please register and show up on time.

WED, AUG 7 | 6:30 – 9:30PM PDT

Brooklyn Bowl | 3545 South Las Vegas Boulevard, Las Vegas, NV 89109

Black Hat USA 2024

Trainings

Elevate your skills by signing up for one of our four specialized courses

SpecterOps believes the human component to any security program is critical. Training is an essential part of building fundamental knowledge and perfecting the skills necessary to protect the enterprise; as most experts already know, buying tools and technical capabilities is not enough. The people behind those toolsets are what separates an average team from a high-performance force within your organization.

Trainings

August 3 – 6, 2024

Adversary Tactics: Detection (On-Site at Black Hat USA 2024) Trainings

August 3 – 6, 2024

Adversary Tactics: Red Team Operations (On-Site at Black Hat USA 2024) Trainings

August 3 – 6, 2024

Adversary Tactics: Tradecraft Analysis (On-Site at Black Hat USA 2024) Trainings

August 3 – 4, 2024

Active Directory Security Fundamentals (On-Site at Black Hat USA 2024)

arsenal

Presenting our latest open-source tools

Wed, Aug 7 | 11:25am-12:35pm

Nemesis

Wed, Aug 7 | 12:40pm-1:50pm

Apeman

Wed, Aug 7 | 1:55pm-3:10pm

SCCMHunter

Wed, Aug 7 | 1:55pm-3:10pm

Snapback

Wed, Aug 7 | 11:25am-12:35pm
Nemesis

Location: Business Hall – Arsenal Station 5

Nemesis is an offensive data enrichment pipeline and operator support system. It ingests data from a variety of different offensive C2 frameworks and performs a number of automations and analytics on both downloaded files and different types of collected data. It aims to automate a number of repetitive tasks operators encounter on engagements, empower operators’ analytic capabilities and collective knowledge, and create structured and unstructured data stores of as much operational data as possible to help guide future research and facilitate offensive data analysis.

Learn More

SPEAKER

Lee Chagolla-Christensen

Security Researcher

SPEAKER

Will Schroeder

Security Researcher

SPEAKER

Max Harley

Consultant

Wed, Aug 7 | 12:40pm-1:50pm
Apeman

Location: Business Hall – Arsenal Station 3

Apeman is a tool designed to simplify the understanding of permissions and potential attack paths within an AWS (Amazon Web Services) environment for both attackers and defenders. AWS’s permission model is inherently complex, featuring a detailed policy evaluation system, fine-grained policies, potentially conflicting statements, and various conditions. This complexity can make it challenging to manually determine which principals (users, roles, etc.) have permissions to perform certain actions, leading to a process that is not only tedious but also prone to errors. Apeman addresses this issue by modeling the AWS permission structure within a graph database. This approach enables it to provide an intuitive interface for users to navigate and obtain clear, precise answers about which principals can execute specific actions within the AWS environment. Essentially, it translates the intricate web of AWS permissions into a more understandable and visually navigable format. Furthermore, Apeman offers the capability to dynamically categorize principals into different tiers based on their permissions. Specifically, it can identify which principals or groups of principals are considered “Tier 0.” This categorization is crucial because it highlights the principals with the most significant level of access or potential impact, thereby giving users a clearer understanding of the security posture of their AWS environment. By identifying these high-risk entities, Apeman can help identify which access points are the most crucial for securing or attacking an AWS environment.

Learn More

SPEAKER

Daniel Heinsen

Service Architect

Wed, Aug 7 | 1:55pm-3:10pm
SCCMHunter

Location: Business Hall – Arsenal Station 8

SCCMHunter is a post exploitation framework written in Python designed to streamline identifying, profiling, and attacking SCCM infrastructure and assets in an Active Directory environment. The tool supports attack path identification and abuse for all currently known tradecraft published in Misconfiguration Manager.

Learn More

SPEAKER

Garret Foster

Senior Consultant

Wed, Aug 7 | 1:55pm-3:10pm
Snapback

Location: Business Hall – Arsenal Station 2

Web applications with weak or default passwords are a common easy win for penetration testers. Frequently, network appliances expose a web application for device management that IT staff are not aware of, and therefore never lock down. The only problem for penetration testers is the time it takes to sift through hundreds or even thousands of web interfaces to find ones with weak credentials. This process is usually performed by first taking screenshots of each web service, and then manually searching for the default credentials for each one and manually attempting each credential pair. To greatly speed up the process, Snapback was designed to automatically fingerprint and brute force passwords while taking each screenshot. All of the fingerprinting and brute forcing code is modular, allowing easy extension for newly identified services.

Learn More

SPEAKER

Forrest Kasler

Senior Consultant

DEF CON 32

SpecterOps at DEF CON 32: Sponsorships and Talks

SpecterOps is a proud sponsor of the Red Team Village! Dedicated to honing skills in critical thinking, collaboration, and strategic offensive security, the Red Team Village brings together information security professionals to share new tactics and techniques in offensive security.

Learn More

Thurs, Aug 8
9:00 AM – 1:00 PM

Offensive SCCM: Abusing Microsoft’s C2 Framework

Sat, Aug 10
1:00 pm – 2:50 pm

An Operator’s Guide: Hunting SCCM in the Real World

Sat, Aug 10
10:00 AM – 11:45 AM

Maestro (Demo Labs)

Location: Dean Martin Room, Las Vegas Convention Center

Microsoft Configuration Manager, formerly SCCM (System Center Configuration Manager), is a powerful technology used to deploy software to Windows systems in the majority of enterprise environments and has a high potential for abuse due to its privileged access to entire fleets of servers and workstation. In this workshop, students will be provided access to a live environment that reflects an enterprise SCCM deployment, gain an understanding of how the different components of SCCM interact, and learn how to execute recently discovered attack paths that can be used compromise SCCM clients, servers, and entire hierarchies. By completing both guided exercises and optional CTF challenges in this lab environment, students will learn how to demonstrate the impact of attack paths involving SCCM.

Learn More

SPEAKER

Garrett Foster

Senior Consultant

SPEAKER

Duane Michael

Managing Consultant

SPEAKER

Chris Thompson

Principal Consultant

get started

Defend Against Advanced Attacks

Talk to an Expert

Join SpecterOps at
Black Hat USA 2024 & DEF CON 32

Get a personalized demo at the SpecterOps booth

SEE SPECTEROPS AT BLACK HAT USA 2024

Visit us at Booth #2600

join our SpecterOps Party