It's alive! Apeman is a graph-based tool to model AWS IAM permissions. This marks the start of a new journey to methodically identify and remediate IAM attack paths, and I look forward to learning together with y'all. github.com/hotnops/apeman

Blending in is the key to staying 'stealthy' in network traffic. In this week's installment of the #Phishing School blog series, Forrest Kasler details how you can hide your C2 implant w/ stealthy callback channels. Read more ⤵️ ghst.ly/4ciTBrS

You never know when some Windows legacy knowledge will help you succeed in an engagement. In our new #blog, Oddvar Moe reveals a new #phishing technique implemented by creating an empty file with the .udl extension. Read it now! hubs.la/Q02Lqb4s0

New blog post just dropped! 😎 In this installment of our blog series on Identity-Driven Offensive Tradecraft, Elad Shamir shares a framework he developed for discovering known & unknown Attack Paths. posts.specterops.io/navigating-the…

This is the last of my phishing series! It's a recap and reference for the whole thing. Hope it was as fun to read as it was to write:

I wrote a blog post about some of the intangible benefits of working as a red team operator and adversary simulation consultant at SpecterOps. It's pretty awesome here. And we're hiring! posts.specterops.io/life-at-specte…

Ghostwriter 💜 Tool Integration! Ghostwriter v3.0.0 features a powerful GraphQL API, making tool integration a breeze. Alexander Sou's latest blog post showcases the API's capabilities using our Operation Log Generator. Learn more ⤵️ghst.ly/4dCohWE

I just merged a new credential technique into Misconfiguration Manager, thanks to Alberto! Check it out: github.com/subat0mik/Misc…

👀👀

How did attendees enjoy the talks at #SOCON2024? Hear their thoughts! ⤵️ The CFP for #SOCON2025 is open & we are looking for talks digging into the complexities of identifying, executing, & protecting against modern Attack Paths. Submit by November 15: ghst.ly/cfp-socon25

Our Sales team is hiring Account Executives in the Eastern and Central US regions to support the BloodHound Enterprise team. Check out the roles & apply today! Eastern US ➡️ ghst.ly/4dzgY14 Central US ➡️ ghst.ly/3NhMjdH

This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range. volexity.com/blog/2024/11/2… And yet... they got caught doing this!

I and Fred Heiding published a human study on AI spear phishing: We use AI agents built from GPT-4o and Claude 3.5 Sonnet to search the web for available information on a target and use this for highly personalized phishing messages. achieved click-through rates above 50%

If you thought phishing was now ineffective, you may have missed something 👀 My latest post highlights the advanced tactics used to bypass security controls and deceive even the most savvy users. Check it out ⤵️

cloud.google.com/blog/topics/th…

cuddlephish : Weaponized multi-user browser-in-the-middle (BitM) for penetration testers : github.com/fkasler/cuddle… Details : link.springer.com/article/10.100… credits Forrest Kasler

Wondering how you can maintain persistence while staying under the radar? Antero Guy just dropped his guide on COM hijacking — a go-to technique that balances stealth w/ reliability. Read more ⤵️ ghst.ly/4kg5Ytq

josephthacker.com/personal/2025/…

Finally had some time to publish these blogs. Enjoy! Spying On Screen Activity Using Chromium Browsers mrd0x.com/spying-with-ch… Camera and Microphone Spying Using Chromium Browsers mrd0x.com/spying-with-ch…

MSSQLHound leverages BloodHound's OpenGraph to visualize MSSQL attack paths with 7 new nodes & 37 new edges, all without touching the SharpHound & BloodHound codebases. Chris Thompson unpacks this new feature in his blog post. 👇 ghst.ly/4leRFFn