Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence.

RT @unsigned_sh0rt: Who doesn't like free creds?.

RT @PyroTek3: I am back to posting to in my free time (which I have again). I plan on adding new content relating….

RT @BouncyHat: Thanks to everyone who came out to see my talk! All of my code and the slides for my ChromeAlone presentation are available….

RT @the1bernard: Missed my Black Hat talk? Read how I got access to 22 internal Microsoft services at

RT @micahvandeusen: Search 15M+ Microsoft 365 tenants by org name or domain and discover all known domains in the same tenant: https://t.co….

RT @unsigned_sh0rt: I pushed updates to SCCMHunter as part of my Arsenal demo at #BHUSA today! New features include a relay module for TAK….

RT @_dirkjan: The ADSyncCertDump tool is now part of the adconnectdump tools and can be used to extract SP credentials from Entra ID connec….

RT @retBandit: I'll be speaking on "AI’s Acceleration Of Cyber & Electronic Warfare" Thursday at the AI Security Forum, hit me up if you'd….

More on BH OpenGraph: Ran into some issues when attempting to map objects collected with partial info back to existing BH objects. Built out a small tool that allows for connecting objects in a more flexible manner:

New BH OpenGraph stuff is pretty cool, threw together a super basic PoC to map attack paths through SCCM this afternoon using data pulled from the site DB:

RT @FuzzySec: I'm releasing a backend for multi-agent AI systems that need to model complex non-linear problems. Kafka handles async agent….

RT @_Mayyhem: I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MS….

RT @SpecterOps: BloodHound v8.0 is here! 🎉. This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by….

RT @_logangoins: My first @SpecterOps blog!. Ever wanted to collect Active Directory information from LDAP for a Red Team?. Using LDAP's mo….

RT @KlezVirus: Had some time and decided to take a shot at Fabian’s RAITrigger project. After a look into the RPC internals, I put together….

RT @SEKTOR7net: Bypassing AMSI with your own custom COM interfaces inside CLR process - an excellent piece by Joshua Magri (@passthehashbrw….

RT @TEMP43487580: Uploaded mprecon, a tiny script I made while learning SCCM. It pulls info from MP server like DP locations, site version,….

RT @retBandit: I recently interviewed with Politico on the risks and benefits of the offensive use of AI. “This isn’t just malicious threa….

RT @ShitSecure: The Blog post about "Revisiting Cross Session Activation attacks" is now also public. Lateral Movement with code execution….

RT @Flangvik: New video out 😊 showing how you can take control of port 445 and perform those magical relay attacks toward AD CS when workin….