attack-path-management
Update: Dumping Entra Connect Sync Credentials
Recently, Microsoft changed the way the Entra Connect Sync agent authenticates to Entra ID. These changes affect attacker tradecraft, as we can no longer export the sync account credentials; however, attackers ...
Getting Started with BHE — Part 2
Contextualizing Tier Zero. TL;DR: An accurately defined Tier Zero provides an accurate depiction of Attack Path Findings in your BHE tenant. Different principals (groups, GPOs, OUs, etc.) have different implications when Tier Zero is ...
Getting Started with BHE — Part 1
Understanding Collection, Permissions, and Visibility of Your Environment. TL;DR: Attack Path visibility is dependent upon scope of collection; complete collection is dependent upon appropriate permissions. Your collection strategy benefits from tiering just ...
Enhancements for BloodHound v7.0 Provide Fresh User Experience and Attack Path Risk Optimizations
General Availability of Improved Analysis Algorithm and Security Posture Management Improvements. The BloodHound team previewed several concepts in the last couple of releases that made it easier for customers to visualize attack paths ...
Insurance companies can reduce risk with Attack Path Management
TL;DR: Insurance companies host large amounts of sensitive data (PII, PHI, etc.) and often have complex environments due to M&A and divestitures. Most breaches start with human error. Fortune 500 companies rely on Microsoft Active Directory ...
Entra Connect Attacker Tradecraft: Part 2
hotnops | attack-path-management, Azure Active Directory, Cloud Security, Entra, identity management
Now that we know how to add credentials to an on-premises user, let's pose a question: “Given access to a sync account in Domain A, can we add credentials to a user in ...
Introducing BloodHound CLI
Christopher Maddalena | Attack Surface Management, attack-path-management, Cybersecurity, Information Security, security
We created a new tool to help you install and manage BloodHound instances, BloodHound CLI! (GitHub: SpecterOps/bloodhound-cli) Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, ...
Intune Attack Paths — Part 1
Andy Robbins | attack-path-management, bloodhound-enterprise, cloud computing, Cybersecurity, Microsoft
Prior Work: Several people have recently produced high-quality work around Intune tradecraft. I want to specifically mention: Chris Thompson and his work on Maestro; Dirk-jan Mollema and his work with Primary Refresh Tokens; Adam Chester and ...
Attacking Entra Metaverse: Part 1
This is part one in a two (maybe three…) part series regarding attacker tradecraft around the syncing mechanics between Active Directory and Entra. This first blog post is a short one, and ...
Unwrapping BloodHound v6.3 with Impact Analysis
Just in time for the holidays, sharper tools for faster defense. Today, the SpecterOps team rolled out a number of new features, product enhancements, and recommendations intended to help users of BloodHound Enterprise and ...

