unSafe.sh - Unsafe
BOFHound: Session Integration
If you’ve found yourself on a red team assessment without SharpHound (maybe due to OPSEC or stealth...
2024-1-31 01:2:2 | Views: 15
Posts By SpecterOps Team Members - Medium - posts.specterops.io
sharphound
bofhound
bofs
bloodhound
oxenfurt
ADCS Attack Paths in BloodHound — Part 1
Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper, the BloodHoun...
2024-1-25 01:2:29 | Views: 22
Posts By SpecterOps Team Members - Medium - posts.specterops.io
bloodhound
adcs
traversable
ct
ekus
Calling Home, Get Your Callbacks Through RBI
Authored By: Lance B. Cain and Alexander DeMine. Remote Browser Isolation (RBI) is a security technolo...
2024-1-18 06:59:21 | Views: 20
Posts By SpecterOps Team Members - Medium - posts.specterops.io
rbi
c2
payload
security
proxy
Cypher Queries in BloodHound Enterprise
BloodHound Enterprise (BHE) recently saw the addition of a new, game-changing feature: open-ended Cy...
2024-1-11 00:51:36 | Views: 15
Posts By SpecterOps Team Members - Medium - posts.specterops.io
cypher
tier
bhe
privileges
smith
Sleepy — Python Tooling for Sleep
Thank you to SpecterOps for supporting this research and to Sarah, Cody, and Daniel for proofreading...
2023-12-15 00:5:56 | Views: 10
Posts By SpecterOps Team Members - Medium - posts.specterops.io
cobalt
bofs
sleepy
artifact
tooling
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in...
2023-11-29 22:34:57 | Views: 13
Posts By SpecterOps Team Members - Medium - posts.specterops.io
mythic
c2
database
tasking
library
Merlin’s Evolution: Multi-Operator CLI and Peer-to-Peer Magic
Image Generated by https://hotpot.ai/art-generator. Over the past year, I’ve been working on making si...
2023-11-16 01:12:22 | Views: 9
Posts By SpecterOps Team Members - Medium - posts.specterops.io
merlin
agents
jwe
reverse
On Detection: Tactical to Functional
Part 11: Functional Composition. Welcome back to part 11 of the On Detection blog series. This next ar...
2023-11-15 01:1:54 | Views: 8
Posts By SpecterOps Team Members - Medium - posts.specterops.io
openprocess
chains
memory
Abusing Slack for Offensive Operations: Part 2
When I first started diving into offensive Slack access, one of the best public resources I found wa...
2023-11-10 01:2:5 | Views: 11
Posts By SpecterOps Team Members - Medium - posts.specterops.io
keychain
windows
database
cody
remote
Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)
Introduction. Earlier this year, I submitted a pull request to SharpSCCM’s repository. SharpSCCM is a...
2023-11-7 21:49:21 | Views: 10
Posts By SpecterOps Team Members - Medium - posts.specterops.io
cmpivot
configmgr
sharpsccm
sccm
Phishing With Dynamite
Token stealing is getting harder. Instead, stealing whole logged-in browser instances may be an easi...
2023-11-7 21:48:23 | Views: 12
Posts By SpecterOps Team Members - Medium - posts.specterops.io
bitm
phishing
attacker
cuddlephish
Domain of Thrones: Part II
Written by Nico Shyne & Josh Prager. In the first installment of “Domain of Thrones,” we meticulously...
2023-11-7 00:51:41 | Views: 10
Posts By SpecterOps Team Members - Medium - posts.specterops.io
defenders
microsoft
security
client
forest
On Detection: Tactical to Functional
Part 10: Implicit Process Create. Welcome back to another installment of the On Detection: Tactical to...
2023-11-2 00:5:47 | Views: 10
Posts By SpecterOps Team Members - Medium - posts.specterops.io
implicit
whoami
windows
execmethod
hollowing
Lateral Movement: Abuse the Power of DCOM Excel Application
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftA...
2023-10-31 02:31:31 | Views: 8
Posts By SpecterOps Team Members - Medium - posts.specterops.io
microsoft
dcom
foxprow
clsid
CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater
Version: Lenovo Updater Version <= 5.08.01.0009; Operating System Tested On: Windows 10 22H2 (x64); Vuln...
2023-10-27 00:52:9 | Views: 26
Posts By SpecterOps Team Members - Medium - posts.specterops.io
lenovo
hellolevel
attacker
privileged
Domain of Thrones: Part I
Written by Nico Shyne & Josh Prager. Just as in the political landscape of Westeros, defenders face a...
2023-10-25 00:25:38 | Views: 27
Posts By SpecterOps Team Members - Medium - posts.specterops.io
windows
security
ntds
defenders
dit
On Detection: Tactical to Functional
Part 9: Perception vs. Conception. The concepts discussed in this post are related to those discussed...
2023-10-21 02:43:37 | Views: 10
Posts By SpecterOps Team Members - Medium - posts.specterops.io
mde
memory
actiontype
sysmon
injection
Bloodhound Enterprise: securing Active Directory using graph theory
Prior to my employment at SpecterOps, I hadn’t worked in the information security industry - as a res...
2023-10-21 00:1:36 | Views: 11
Posts By SpecterOps Team Members - Medium - posts.specterops.io
manhattan
bloodhound
security
routes
fig
Uncovering RPC Servers through Windows API Analysis
Have you ever tried to reverse a simple Win32 API? If not, let’s look at one together today! This ar...
2023-10-19 00:8:10 | Views: 36
Posts By SpecterOps Team Members - Medium - posts.specterops.io
midl
client
microsoft
windows
logonusera
Perfect Loader Implementations
Thank you to SpecterOps for supporting this research and to Lee and Sarah for proofreading and editi...
2023-10-10 01:28:18 | Views: 9
Posts By SpecterOps Team Members - Medium - posts.specterops.io
loader
memory
windows
library
developers