It's a big day- Lee Chagolla-Christensen, Max Harley, and I are proud to announce that Nemesis 1.0.0 has landed! We have a ton of awesome new features and a streamlined installation, check out the details at posts.specterops.io/nemesis-1-0-0-… and the code at github.com/SpecterOps/Nem…

Last year I shared how to convert BloodHound JSON to PowerShell objects.
Here's a proper function: ConvertFrom-BHJSON
gist.github.com/martinsohn/1f3…

Examples in this new 🧵

Nice if you want to play around with BH data inside PowerShell.
Thx Martin Sohn for sharing this gem

We are hosting a #BloodHound users meetup next week:

Location: 11000 Optum Cir, Eden Prairie, MN
Date/time: May 2 from 4PM to 7PM
Cost: free

Register here: ghst.ly/442MNfk

I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March.

If you are interested in getting credentials from LSASS without accessing its memory, check it out!
medium.com/specter-ops-po…

Heading to #MMSMOA next month? Make sure to add this session to your schedule. Chris Thompson will be joining Kim Oppalfens (MVP) ✖️ & Tom Degreef to speak on how to secure your ConfigMgr environment & defend against publicly known attacks.

Learn more ➡️ ghst.ly/4459csL #SCCM

Shoutout to Chris Haller on this comprehensive guide to getting started in BloodHound Community Edition. Check out his blog post that covers setting up, collecting data, analyzing the data & providing value with that data. ghst.ly/3JlkvmO

If you want to get started with BloodHound CE, then I highly recommend reading this awesome blog post by Chris Haller. It's a great resource to kickstart your journey!
m4lwhere.medium.com/the-ultimate-g…

👋 Hello, Nashville! If you’re at #WiCyS2024 come by Booth 228 to chat with a few Specters and learn more about us.

I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec!
posts.specterops.io/rooting-out-ri…

🥳 🎉 Folks, Fabian Bader, Thomas Naunheim & I are excited to launch Maester today after working on this over many long nights & weekends!

Maester is an open source, test framework that you can set up in minutes to test & continuously monitor your Microsoft security config

🧵⬇️

Heading to #WiCyS2024 this week? We are too! Stop by Booth 228 to meet our team and learn more about us and how you can become a Specter.

Entra Connect Sync lets you exclude *specific* users from synchronization using attribute-based filtering.

Does Entra Cloud Sync have a similar feature? I can see filtering by group and OU. But is there an *attribute* based filter to exclude *specific* users from sync?

Is it possible to conduct AiTM phishing attacks with Azure Functions to phish Entra ID sign-in cookies? Spoiler: Yes it is. And we can bypass injected canary tokens and automate the replay😶‍🌫️nicolasuter.medium.com/aitm-phishing-…
Kudos to Wesley Jan Bakker Fabian Bader Joosua Santasalo*Azure MVP*

In the documentation for #EntraID roles, I was curious about this big “Important” box for the Application Administrator role because I know it’s here for security reasons as Dirk-jan showed 😉 (learn.microsoft.com/en-us/entra/id…)
👀 Let’s see if the part I highlighted is true!

Micro$oft: Let us introduce you to Defender for Identity! It only costs 4million dollars more per year that you won't be budgeted for!

OR, just read the SpecterOps whitepaper, it's free!

/s

We just announced the next offering of Azure Security Fundamentals course:

🌎 Online and in-person in Denver
🗓️ October 7-10, 2024
💵 $4,000, but 25% off through August 8

More details here: events.humanitix.com/azure-security…

🚀I'm finally releasing GraphSpy to the public!🕵️
A powerful offensive security tool focused on making initial access and post-compromise enumeration in Microsoft Entra and M365 much more convenient during penetration tests and red team assessments!

github.com/RedByte1337/Gr…

Fantastic writeup by Marius on how foreign applications can degrade your Entra/Azure security posture.

🏅🎉 Victory for Mythic! 🎉🏅

🎊🏆 The echoes of the competition have settled, and one legend stands triumphant – Mythic takes the 1st place in Purple March Madness! 🎉✨ Their journey has been nothing short of epic, woven into the annals of the game's history! 🌟📜