SCCM Hierarchy Takeover One Site to Rule Them AllThere is no security boundary between sites in the same hierarchy.When an a... 2023-9-25 22:52:48 | 阅读: 3 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io database sccm security rbac

Ghostwriter v4: 2FA, RBAC, and Logging, Oh My! Ghostwriter v4 is officially here! Technically, it’s been available as a release candidate for a whi... 2023-9-21 01:7:44 | 阅读: 4 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io ghostwriter cobalt client beacon django

Reactive Progress and Tradecraft Innovation The overarching goal of a security operations program is to prevent or mitigate the impact of an att... 2023-9-20 00:41:13 | 阅读: 4 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io tradecraft attackers mimikatz memory distinct

What is Tier Zero — Part 2 Round 2!This is Part 2 of our webinar and blog post series Defining the Undefined: What is Tier Zero... 2023-9-14 23:40:7 | 阅读: 4 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io tier rodc attacker containers gpo

Shadow Wizard Registry Gang: Structured Registry Querying The Windows registry, an intricate database storing settings for both the operating system and the a... 2023-9-6 00:58:9 | 阅读: 6 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io nemesis bofs c2 querying beacon

Site Takeover via SCCM’s AdminService API tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site take... 2023-8-11 01:54:11 | 阅读: 10 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io sccm database contoso

Hacking With Your Nemesis In the first post in this series, On (Structured) Data, we talked about the gap area of offensive st... 2023-8-10 04:29:3 | 阅读: 7 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io nemesis enrichment kubernetes enrichments analytic

BloodHound Community Edition: A New Era I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)!What you need... 2023-8-9 00:17:8 | 阅读: 12 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io bloodhound 4072641716 570004220 2248230615 tokenid

BloodHound Enterprise Learns Some New Tricks The BloodHound code-convergence project brings some significant and long-desired feature enhancement... 2023-8-4 02:0:48 | 阅读: 9 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io bloodhound dawgs database cypher convergence

Challenges In Post-Exploitation Workflows In our previous post, we talked about the problem of structured data in the post-exploitation commun... 2023-8-3 01:19:12 | 阅读: 5 | 收藏 | Posts By SpecterOps Team Members - Medium - posts.specterops.io engagement sharpdpapi nemesis c2 analysis

Operational Challenges in Offensive C# – Posts By SpecterOps Team Members As offensive toolsets continue to move towards using C# as the language of choice for post-exploitat... 2018-11-08 10:40:36 | 阅读: 188 | 收藏 | posts.specterops.io sharpsploit sharpgen costura ilmerge assemblies