
Misconfiguration Manager: Detection Updates
TL;DR: The Misconfiguration Manager DETECT section has been updated with relevant guidance to help defensive operators identify the most prolific attack techniques from the Misconfiguration Manager project.

Background

If you have been following SpecterOps's offensive security research over the last few years, you may have noticed our interest in targeting attack paths leveraging ...

Domain of Thrones: Part II
Written by Nico Shyne & Josh Prager

Introduction Part II

In the first installment of "Domain of Thrones," we meticulously explored an array of six distinctive domain persistence techniques:

- Credential Theft on the Domain Controller (DC)
- NTDS Access
- DCSync
- Golden Ticket
- Diamond Ticket
- Active Directory Certificate Services (AD CS)

These adversarial methods facilitate an elevated level of access to the targeted domains, ...

Prioritization of the Detection Engineering Backlog
Written by Joshua Prager and Emily Leidy

Introduction

Strategically maturing a detection engineering function requires us to divide the overall function into smaller discrete problems. One such seemingly innocuous area of detection engineering is the technique backlog (a.k.a. the detection engineering backlog, attack technique backlog, or detection backlog). The concept of incorporating a backlog ...