specterops
Mapping Mayhem: Security’s Blind Spots in Identity Security
For years, primarily driven by regulatory compliance mandates, such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise, rather than the security exercise ...
Enhancements for BloodHound v7.0 Provide Fresh User Experience and Attack Path Risk Optimizations
General Availability of Improved Analysis Algorithm and Security Posture Management ImprovementsThe BloodHound team previewed several concepts in the last couple of releases that made it easier for customers to visualize attack paths ...
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a new PR by yours truly ...
Deconstructing Logon Session Enumeration
Purple TeamingHow we define and create test cases for our purple team runbooksIntroIn our purple team service, we try to take a depth and quality approach and run many different functionally diverse test ...
Mapping Snowflake’s Access Landscape
Attack Path ManagementBecause Every Snowflake (Graph) is UniqueIntroductionOn June 2nd, 2024, Snowflake released a joint statement with Crowdstrike and Mandiant addressing reports of “[an] ongoing investigation involving a targeted threat campaign against some ...
Lateral Movement with the .NET Profiler
Lateral Movement with the .NET ProfilerThe accompanying code for this blogpost can be found HERE.IntroI spend a lot of my free time modding Unity games. Since Unity is written in C#, the games are very ...
LSA Whisperer
Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on GitHub.What follows is the culmination of ...
Sleepy — Python Tooling for Sleep
Sleepy — Python Tooling for SleepThank you to SpecterOps for supporting this research and to Sarah, Cody, and Daniel for proofreading and editing! Crossposted on the GitHub.TL;DR: You can use sleepy to automate common tasks when ...
Lateral Movement: Abuse the Power of DCOM Excel Application
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftApp() method within the distributed component object model (DCOM) Excel application. This technique is built upon Matt Nelson’s initial ...
Perfect Loader Implementations
Thank you to SpecterOps for supporting this research and to Lee and Sarah for proofreading and editing! Crossposted on GitHub.TLDR: You may use fuse-loader or perfect-loader as examples for extending an OS’s native ...
