Final Steps to BloodHound Federal — FedRAMP High Compliance

Ever since SpecterOps first launched BloodHound Enterprise (BHE) in July 2021, one of our team’s biggest frustrations involved a lack of FedRAMP qualifications, which prevented us ...
The Most Dangerous Entra Role You’ve (Probably) Never Heard Of

Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin, but this role is hidden from view in the Azure portal GUI. Why it matters: An adversary may target the ...
Andy Robbins (RedZone) - Azure Backdoors: How to Hide Them, How to Find Them - Ekoparty 2022

Directory.ReadWrite.All Is Not As Powerful As You Might Think

Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the Global Admin Entra ID role. Why it matters: Azure admins and security professionals may put ...
Microsoft Breach: What Happened? What Should Azure Admins Do?

Microsoft Breach — How Can I See This In BloodHound?

Summary: On January 25, 2024, Microsoft announced Russia’s foreign intelligence service (i.e., Sluzhba vneshney razvedki Rossiyskoy Federatsii [SVR]) breached their corporate EntraID environment. We reviewed the ...
Cypher Queries in BloodHound Enterprise

BloodHound Enterprise (BHE) recently saw the addition of a new, game-changing feature: open-ended Cypher searches. For those unfamiliar, Cypher is a declarative query language used for retrieving data from a graph database ...
BloodHound Enterprise: securing Active Directory using graph theory

Prior to my employment at SpecterOps, I hadn’t worked in the information security industry; as a result, many security-related terms and concepts that were tossed around ...
Comparison Draw 200 Nodes

BloodHound Community Edition: A New Era

I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! What you need to know: The free and open-source version of BloodHound is now known as BloodHound CE and will remain free and ...
BloodHound Enterprise Learns Some New Tricks

Summary: The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure; built-in support for offline data collection (i.e., control systems or acquisition ...
Your new best friend: Introducing BloodHound Community Edition

Summary: SpecterOps is pleased to announce BloodHound Community Edition (CE) will be available in early access on August 8, 2023! In this blog: BloodHound is now BloodHound CE; new name, slightly different look, same purpose ...
From DA to EA with ESC5

There’s a new, practical way to escalate from Domain Admin to Enterprise Admin. ESC5: You’ve heard of ESC1 and ESC8. But what about ESC5? ESC5 is also known as “Vulnerable PKI Object Access Control” ...