Clik here to view.
Teach a Man to Phish
PHISHING SCHOOL A Decade of Distilled Phishing Wisdom I decided to give away all of my phishing secrets for free. I realized at some point that I have been giving away phishing secrets for years, but...
View ArticleClik here to view.
Ghostwriter ❤ Tool Integration
Incorporating new components into existing systems is such a pain, this process has been labeled “Integration Hell”. To ease tool integration, Ghostwriter v3.0.0 shipped with a GraphQL API. This API...
View ArticleClik here to view.
Mythic 3.3 — Out of Beta
Mythic 3.3 — Out of Beta Mythic 3.3 was released in a Beta six weeks ago, and since then there has been a bunch of feedback, not just about new Mythic 3.3 features but about the framework overall. Now...
View ArticleClik here to view.
Life at SpecterOps: The Red Team Dream
TL;DR We are hiring consultants at various levels. The job posting can be found under the Consultant opening here: https://specterops.io/careers/#careers Introduction Hey there! I’m Duane Michael, a...
View ArticleClik here to view.
ADCS Attack Paths in BloodHound — Part 3
ADCS Attack Paths in BloodHound — Part 3 In Part 1 of this series, we explained how we incorporated Active Directory Certificate Services (ADCS) objects into BloodHound and demonstrated how to...
View ArticleClik here to view.
Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound
Ghostwriter v4.3 is available now, and it enhances features introduced in previous versions of v4 in some exciting ways! In particular, this article will dive into how you can integrate a tool like...
View ArticleClik here to view.
Closing the Gaps: How Attack Path Management Improves Vulnerability...
In conversation: Pete McKernan & Luke Luckett As organizations seek to wrap their arms around potential cybersecurity exposures, CIOs and CISOs are increasingly pushing their vulnerability...
View ArticleClik here to view.
Dotnet Source Generators in 2024 Part 1: Getting Started
Introduction In this blog post, we will cover the basics of a source generator, the major types involved, some common issues you might encounter, how to properly log those issues, and how to fix them....
View ArticleClik here to view.
BOFHound: AD CS Integration
TL;DR: BOFHound can now parse Active Directory Certificate Services (AD CS) objects, manually queried from LDAP, for review and attack path mapping within BloodHound Community Edition (BHCE)....
View ArticleClik here to view.
Maestro: Abusing Intune for Lateral Movement Over C2
If I have a command and control (C2) agent on an Intune admin’s workstation, I should just be able to use their privileges to execute a script or application on an Intune-enrolled device, right? Not so...
View Article