BloodHound Enterprise is now FedRAMP High Authorized! This achievement makes our identity security platform available to U.S. government orgs operating at the FedRAMP High baseline. Check out this blog post from our CEO David McGuire for more. ghst.ly/bhe-fedramp-hi…

Proud to share that SpecterOps has earned FedRAMP High Authorization for BloodHound Enterprise! Government agencies are at high risk for identity-based attacks, and now BHE is available to those that operate at the FedRAMP High baseline. Learn more: ghst.ly/bhe-fedramp-hi…

📋 Get a step by step tutorial to setting up an ADFS lab using Ludus and/or a flexible hybrid cloud environment for testing in our latest blog post from Beyviel David. Read for more! ⤵️ ghst.ly/4iIqLFO

In Part 1 of my Intune Attack Paths series, I discuss the fundamental components and mechanics of Intune that lead to the emergence of attack paths: posts.specterops.io/intune-attack-…

Our Consulting Services team is growing! 🙌 We are now hiring Consultants and Senior Consultants to join the team as operators, trainers, and program developers. Learn more & apply today! ghst.ly/3PBmGFZ

What does the road to becoming a Specter look like? In his latest blog post, Duane Michael provides a high level overview of how we approach recruiting consultants, demystifying the process along the way from application review through interviews. ghst.ly/3PQeuSh

Introducing Forge 🔥 – the first “Command Augmentation” container for Mythic! Check out Cody Thomas's latest blog post to learn how this new add-on offers a more standardized way of executing BOFs and .NET assemblies. ghst.ly/416iKnu

The agenda for #SOCON2025 has dropped! 🙌 Check out the schedule below and head to ghst.ly/socon-tw to get the scoop on all things SO-CON & to register.

Our team just dropped BloodHound v7.0! 😎 Check out our latest blog post from Dev Bhatt to learn about the enhancements in this update, aimed at helping security teams visualize #AttackPaths, prioritize risks, & track remediation. ghst.ly/3CPDQwT 🧵: 1/4

Considering OSCP certification in your pursuit for a successful career in offensive #cybersecurity consulting? Kieran Croucher shares three pieces of practical advice for students to consider before enrolling in the course. Read more: ghst.ly/3COVml2 🧵: 1/4

How are defenders leveraging SACLs to detect unauthorized access attempts? Check out our latest blog post from Alexander DeMine which dives into SACLs and introduces a new tool, SACL_Scanner, which allows you to adapt your tradecraft accordingly. ghst.ly/3D3kvbD

BIG NEWS: SpecterOps raises $75M Series B to strengthen identity security! Led by @InsightPartners with @AnsaCapital, M12 - Microsoft's Venture Fund, Ballistic Ventures, Decibel, and Cisco Investments. ghst.ly/seriesb #IdentitySecurity #CyberSecurity (1/6)

Had a lot of fun digging into COM stuff with bohops recently! We ended up finding a way to laterally move without dropping a file. ibm.com/think/news/fil…

Accurately see what permissions are exploitable in your AD environment. Chris Thompson discusses a recent update in BloodHound that shows fewer false positives for Owns/WriteOwner edges, & introduces the new Owns/WriteOwnerLimitedRights edges. ⬇️ ghst.ly/3QORQdF

New blog post just dropped! 🙌 Read the latest from Matt Creel on how an operator can perform situational awareness steps prior to making an Entra ID token request and how tokens can be effectively used once obtained. ghst.ly/4lA5Iqu

Think NTLM relay is a solved problem? Think again. Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31

We are BACK with another #BloodHoundBasics post, this week courtesy of Andy Robbins. ICYMI: The BloodHound BACK button is BACK. Just use your browser's BACK button to go BACK. 🔙

Slides from my SOCON 2025 presentation are now up on GitHub github.com/xpn/Presentati…

I'm super happy to announce an operationally weaponized version of Yuval Gordon's BadSuccessor in .NET format! With a minimum of "CreateChild" privileges over any OU it allows for automatic escalation to Domain Admin (DA). Enjoy your inline .NET execution! github.com/logangoins/Sha…

BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest. Check out Jim Sykora's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9