
Jared Atkinson
@jaredcatkinson
Followers: 10K | Following: 8K | Media: 283 | Statuses: 7K
| CTO @specterops | Host @dcpthepodcast | Ex PowerShell MVP | USAF Vet | FC Bayern Supporter | Language Learner 🇳🇴 🇮🇹 🇧🇷 |
Las Vegas, NV
Joined July 2013
💡 WHAT IS PURPLE TEAMING AT SPECTEROPS? SpecterOps recently introduced our Purple Team service offering, but what is it? We define it as "the evaluation of security control efficacy through atomic testing using deliberately selected test cases." https://t.co/SSwnzSxUGK
specterops.io
SpecterOps announced new Purple Team Assessment Services, a two-week assessment that evaluates how well an organization’s security controls can detect and prevent common attack techniques...
Your strongest platform is only as secure as its weakest dependency. And you probably don't know what those are. @jaredcatkinson dives into the Clean Source Principle, hidden trust relationships, & why BloodHound OpenGraph changes the game.
specterops.io
TL;DR Modern identity systems are deeply interconnected, and every weak dependency creates an attack path — no matter how strong any single platform appears. The Clean Source Principle and BloodHound...
Ever notice how every identity system depends on something else — and those dependencies are often invisible? That’s the idea behind the Clean Source Principle and why it matters for the future of identity security. https://t.co/Ov1eN8Jsjs
What happens when the User-Account-Restrictions property gets misconfigured? Spoiler: It's not good. From account compromise to full domain takeover, @unsigned_sh0rt breaks down why this permission set is more dangerous than most realize.
specterops.io
TL;DR - The User-Account-Restrictions property grants read/write permissions to the user-account-control LDAP attribute, which can be used to manipulate account and security settings. Delegating...
🐕 𝐈𝐀𝐌𝐡𝐨𝐮𝐧𝐝𝐝𝐨𝐠 A tool to identify privileged principals and second-order privilege escalation in AWS environments. Compatible with BloodHound. By mapping relationships between IAM entities and resources.
Better late than never. I wrote a post that analyzes the Salesloft-Drift breach in the context of Attack Paths. https://t.co/seQmEBHti1 My main takeaways: 1) Hybrid paths are not limited to two platforms owned by the same organization 2) Ad-hoc paths arise when passwords are
specterops.io
This post analyzes the Salesloft–Drift incident through an attack path lens, showing how violations of the clean source principle, identities in transit, and hidden hybrid paths combined to turn a...
🎙️ NEW PODCAST: #KnowYourAdversary
@jaredcatkinson & @JustinKohler10 explore identity security from the attacker's perspective. Real stories, real tactics, real insights. Check out our first three episodes now 👉 https://t.co/gmfNAiRuRD
"The Renaissance of NTLM Relay Attacks: Everything You Need to Know" by @elad_shamir (@SpecterOps) 🔥 One of the best overviews of NTLM relay technique I've ever seen. (and the styling is an art in itself!) #redteam #security #infosec #windows
https://t.co/eRK7yg7B8U
BloodHound isn't just for Active Directory anymore. 🤯 @SadProcessor dives into the BloodHound OpenGraph functionality & demonstrates the new PowerShell cmdlets added to the BloodHound Operator module to work with the OpenGraph feature.
specterops.io
A Technical Dive Into BloodHound OpenGraph With BloodHound Operator & Master Yoda… TL;DR: The latest version of BloodHound introduces BloodHound OpenGraph. This new feature allows for ingestion of...
Cookie theft has evolved. 🍪 Over the last year, stealing cookies on Windows devices has changed significantly for Chromium browsers like Chrome and Edge. Andrew Gomez dives into these changes, how threat actors adapt, & new detection opportunities.
specterops.io
Explore how cookie theft has evolved in Chromium browsers with the shift from DPAPI to App-Bound encryption. This post breaks down modern cookie stealing techniques via COM, remote debugging, and...
Lots of tooling around the new Bloodhound "OpenGraph" standard this week including vCenterHound from @m0rd4vid and the bhopengraph library from @podalirius_. https://t.co/DhuPbkh4LM
blog.badsectorlabs.com
WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!
🛠️ Two JAMF Security Tools 𝐉𝐚𝐦𝐟𝐇𝐨𝐮𝐧𝐝 - Ingest JAMF attack paths into BloodHound 𝐄𝐯𝐞 - A JAMF exploitation toolkit 1️⃣ JamfHound by @SpecterOps A Python tool that collects and identifies attack paths in Jamf Pro tenants by analyzing object permissions and outputting
Trying to fly under EDR's radar? @_logangoins explains how to use HTTP-to-LDAP relay attacks to execute tooling completely off-host through the C2 payload context. Perfect for when you need LDAP access but want to avoid being caught stealing creds.
specterops.io
TL;DR When operating out of a ceded access or phishing payload with no credential material, you can use low-privilege HTTP authentication from the current user context to perform a proxied relay to...
New blog post just dropped! West Shepherd breaks down extending the Mythic Poseidon agent for ARM64 Dylib injection on Apple Silicon. Details include: ✅ Shellcode construction ✅ Memory allocation ✅ Runtime patching ✅ Thread creation Read more ⤵️
specterops.io
This post details how the Mythic Poseidon agent was extended to support ARM64 Dylib injection on Apple Silicon
LudusHound: Open-source tool brings BloodHound data to life - https://t.co/B4nIobpN2G - @SpecterOps @GitHub #GitHub #OpenSource #CyberSecurity #netsec #security #InfoSecurity #ITsecurity #CyberSecurityNews #SecurityNews #AI
Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user. @0xthirteen breaks down the service startup mechanics, plus the protocols and technologies.
specterops.io
A walkthrough to answer the question: "Can you start the WebClient service remotely as a low privileged user?"
You can now map attack paths throughout your entire tech stack with BloodHound OpenGraph. @JustinKohler10, @jaredcatkinson, @_wald0 & @StephenHinck chatted about this & other new features in BloodHound v8.0 during our recent webinar. 👀 Watch on demand: https://t.co/1JNp4vwTHL
BloodHound OpenGraph allows you to map attack paths across ANY platform. @jaredcatkinson spoke with @DarkReading during #BHUSA about how you can now connect the dots between Active Directory, GitHub repositories, and other sensitive assets. 👀: https://t.co/8FuEtfZd9a
The DSInternals PowerShell module just got an upgrade! 🔥 Updates include: ✅ Golden dMSA Attack ✅ Full LAPS support ✅ Trust password & BitLocker recovery key extraction ✅ Read-only domain controller database compatibility Read more from @MGrafnetter.
specterops.io
Discover the latest enhancements to the DSInternals PowerShell module, including the Golden dMSA Attack and support for LAPS, trust passwords, or BitLocker recovery keys.
We are breaking down our State of Attack Path Management report. Join @jaredcatkinson, @AndrewChiles, & @elad_shamir as they discuss some key takeaways from the report to help you understand & address attack paths before they're exploited. Register 👉 https://t.co/ptlsSugHlZ