🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The entire SCCM hierarchy is vulnerable to takeover from any primary site because by design, there is no security boundary between sites in the same hierarchy. Check out my new post to learn more about how this can be abused, mitigated, and detected! posts.specterops.io/sccm-hierarchy…

Today, we announced our Purple Team Assessments Service, which is intended to help customers understand the efficacy of their detection capabilities. Read more at ghst.ly/3EUVRHB

Mark your calendar for #SOCON2024 This event will kick off on March 11, 2024 with a day-long summit followed by four days of training sessions. Register for training now to get 25% off full price. 👉 Learn more: specterops.io/so-con.

Get an introduction to the HardHat C2 framework. Check out DragoQCC's #BHUSA booth presentation. ➡️ ghst.ly/3Q3UTy3 Get HardHat today: github.com/DragoQCC/HardH…

If you're at #BSidesAugusta, hurry over to Track 3 to hear from Will Schroeder & Max Harley on the Nemesis project. Get Nemesis: github.com/SpecterOps/Nem…

Pushed a big update to SCCMHunter for my talk at BSides Portland this weekend. Some cool new features that lets you remotely perform recon and post exploitation with the AdminService API. github.com/garrettfoster1…

Alpha 0.3 of HardHat C2 is out, another giant update with around 16k additions & 6k deletions. Includes a ton of bug fixes and new features. Check out the full changelog here docs.hardhat-c2.net/changelog/alph… and try it out here github.com/DragoQCC/HardH…

I have always wondered how RPC works and how to find them given a windows API, so I worked on a blogpost documenting how I went and uncovered them!

We are kicking the week off right with Part 2️⃣ of Joshua Prager & Nico Shyne's Domain of Thrones blog series. Check out the latest for post-compromise guidance for the rotation of domain secrets. ghst.ly/3u5vOLK

Our latest blog post from Matt Creel takes a look at the updates to cookie storage that Slack has made since 2020, and reexamines avenues to achieving Slack access from ceded access on both macOS & Windows hosts. ghst.ly/49rGLr7

Wrote a little blog post about how I set up 1Password SSH agent forwarding to VS Code devcontainers. A bit of a niche post. Basically, you dont need to set up SSH keys each time you make a new devcontainer. Also a little goody for setting up commit signing 0xdab0.medium.com/streamlining-d…

After quite some time, I’m publishing Merlin v2. Added peer-to-peer agent communications and a new gRPC client allowing multiple operators to use Merlin at the same time! There are plenty of other new features captured in this post and the change logs. medium.com/@Ne0nd0g/merli…

Tomorrow, Tuesday November 21: get the first public look at how #BloodHound surfaces ADCS attack paths. Register for our webinar here: ghst.ly/40rYRoZ

Upgrade your Red Team engagements with TTPs used by attackers in real-world breaches. Our upcoming VIRTUAL training will teach participants how to infiltrate networks, gather intel & covertly persist in a network like an advanced adversary. ➡️ ghst.ly/SOCON24RTOtw

What's new with BOFHound? 🤷 Check out Matt Creel's latest blog post which delves into several new BOFs as well as an example attack path visualized using the BOFs, BOFHound, and BHCE. ghst.ly/3udnFVM

Deciding whether to attend SO-CON training in-person or remote? Check out the benefits of joining us live in Arlington, VA, March 11-15! ⤵️ Learn more: specterops.io/so-con/

Have you used a web shell on an offensive assessment recently? Were you able to task and create it through your C2 framework? I'm excited to announce the new Arachne agent for Mythic that allows you to do just that! Check it out posts.specterops.io/spinning-webs-…

1️⃣ month until SO-CON 2024! Joining our training courses in person in Arlington comes with a few extra benefits, including a FREE pass for our summit happening March 11. Learn more & register at specterops.io/so-con

Did you know that CMPivot allows for auth coercion of SCCM/ConfigMgr client hosts? medium.com/@dlomellini/fu…