🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Want to move laterally from C2 on an Intune admin's workstation to any Intune-enrolled device? Check out Maestro (github.com/Mayyhem/Maestro), a new(ish) tool I wrote for those situations, and this blog post to walk you through how: posts.specterops.io/maestro-9ed71d…

Just published a new video 👇 Are you leaving your Microsoft Graph tokens unprotected?

Happy #BloodHoundBasics Day! 🐶 BloodHound's Cypher supports Regex with the =~ operator. Regex enables precisely matching principals and attack paths. For example, the Microsoft Entra Connect account's name, commonly known as "MSOL", is found with the pattern: MSOL_[0-9A-F]+@.*

The #SOCON2025 CFP closes Friday, November 15: sessionize.com/socon-2025

I’ve always thought Seatbelt was a great situational awareness tool, I created a python implementation of it. Due to the nature of how I expect it to run, it only implements the remote modules, but I hope someone finds it useful. github.com/0xthirteen/Car…

GraphRunner is so handy! I know it's been out for a minute, but if you do pentests that involve Azure and haven't tried it, you're doing yourself a disservice. Great work by Steve Borosh and Beau Bullock ! github.com/dafthack/Graph…

The PowerHuntShares v2 update now includes: interesting files, password extraction, and LLM fingerprinting! Check it out & give me some feedback! netspi.com/blog/technical…

Have you read about all the Active Directory Certificate Services (AD CS) 🔐attack paths but never tried them out? x - Brady McLaughlin has updated the ludus_adcs role to enable ESC1,2,3,4,5,6,7,8,9,11,13 and 15 attack paths in your lab! Easy 3 step guide here: docs.ludus.cloud/docs/environme…

I couldn't find any PowerShell examples of encrypting/decrypting data w/ Azure Key Vault keys, so I made some: Protect-StringWithAzureKeyVaultKey Unprotect-StringWithAzureKeyVaultKey github.com/BloodHoundAD/B… Explanatory blog post coming soon.

A quick tour of new functions in BARK that support Azure Key Vault tradecraft research, including a walk-through of how an adversary may chain these functions together as part of an attack path: posts.specterops.io/azure-key-vaul…

Excited to share a tool I've been working on - ShadowHound. ShadowHound is a PowerShell alternative to SharpHound for Active Directory enumeration, using native PowerShell or ADModule (ADWS). As a bonus I also talk about some MDI detections and how to avoid them

A new fun way to set shadow credentials posts.specterops.io/attacking-entr…

Make Bloodhound Cool Again: Migrating Custom Queries from Legacy BloodHound to BloodHound CE by link.medium.com/z0KOxdSSUPb

Introducing a new tool designed to help you install & manage BloodHound instances...🥁 BloodHound CLI! Check out ʎppɐɯɔ's blog post to learn how this tool dramatically simplifies installation and server management. ghst.ly/40zXAxI

We are BACK with another #BloodHoundBasics post, this week courtesy of Andy Robbins. ICYMI: The BloodHound BACK button is BACK. Just use your browser's BACK button to go BACK. 🔙

I have just released my first tool : GPOHound 🚀 GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis. 🔗Check it out here: github.com/cogiceo/GPOHou…