Red Team
Bugcrowd Launches Red Team Service to Test Cybersecurity Defenses
Bugcrowd today at the 2025 RSA Conference announced its intent to create a red team service to test cybersecurity defenses using a global network of ethical hackers. Alistair Greaves, director of red ...
The Renaissance of NTLM Relay Attacks: Everything You Need to Know
NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it is, in fact, alive ...
Forging a Better Operator Quality of Life
A new Mythic add-on for Windows AgentsMythic provides flexibility to agent developers for how they want to describe and execute techniques. While this is great, it also means that when operators hop from ...
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a new PR by yours truly ...
Life at SpecterOps Part II: From Dream to Reality
TL;DRWe are hiring consultants at various levels. The job posting can be found under the Consultant opening here: https://specterops.io/careers/#careersIntroductionHey, it’s me again! The last time we spoke back in August 2024, I ...
What is an Uncensored Model and Why Do I Need It
While the power and potential of GenAI is evident for IT and security, the use cases in the security field are surprisingly immature largely due to censorship and guardrails that hamper many ...
ADFS — Living in the Legacy of DRS
ADFS — Living in the Legacy of DRSIt’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it, every bit of ...
Attacking Entra Metaverse: Part 1
This is part one in a two (maybe three…) part series regarding attacker tradecraft around the syncing mechanics between Active Directory and Entra. This first blog post is a short one, and ...
Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound
Ghostwriter v4.3 is available now, and it enhances features introduced in previous versions of v4 in some exciting ways! In particular, this article will dive into how you can integrate a tool ...
The HTML, CSS and Javascript Trojan Horse — Smuggling Malware through Web Resources
The HTML, CSS and Javascript Trojan Horse — Smuggling Malware through Web Resources‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt DEF CON 32, SquareX ...
