This is the first time I’ll be co-presenting with Dirk-jan.
Our talk on ‘Attacking Primary Refresh Tokens using the Mac implementation’ has been accepted at TROOPERS Conference

Very excited to share this joint research in the beautiful Heidelberg!

On June 4th, I’ll be speaking at #ExpertsLiveNL on the power of attack paths in detection engineering.

We are proud to finally share some great research by Arnau Ortega on a 1-click #Azure tenant takeover attack. You can read all about it in our latest blog post. It explains how we could take over any Azure tenant; just by clicking one legitimate link 😨

falconforce.nl/arbitrary-1-cl…

you wouldn’t last an hour in the asylum where they raised us

ATT&CK v15 is now streaming from your favorite TAXII servers or wherever STIX is served.
Amy Robertson wrote a post about our latest era at medium.com/mitre-attack/a… or visit the changelog at attack.mitre.org/resources/upda….

We’ve had some amazing workshops submitted for DEATHCon already, and the CFP is still open! If you’ve got an idea for a workshop but aren’t sure of the details or how to make it work, DM us to chat and we’ll help you figure it out, or pair you with an experienced mentor

I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March.

If you are interested in getting credentials from LSASS without accessing its memory, check it out!
medium.com/specter-ops-po…

I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec!
posts.specterops.io/rooting-out-ri…

Check out 🚀msInvader: Simulate adversary techniques in M365 & Azure using Graph, REST, and EWS. Designed for blue teams, it helps generate attack telemetry to build, test, and enhance detection controls
🔗 github.com/mvelazc0/msInv…
📺 youtube.com/watch?v=a6iUru…
#M365 #Azure #EntraID …

In August 2024, we will host a new Advanced Detection Engineering in the Enterprise training at #bhusa ! Ticket sales have already started! Reserve your ticket before May 24th to get the best eary-bird rate: blackhat.com/us-24/training…

#detectionengineering #training

🤩 wow! There have already been some great workshop proposals submitted in response to the CFP! The community of threat hunters and detection engineers is just amazingly creative and kind to share knowledge

We hear you that doing the MITRE is hard! Today we're launching a MITRE training bootcamp to help you all get your & on.

First up: Achieve 100% coverage! Head on over to attack.mitre.org/full-coverage.… and play for that 100% MITRE coverage everyone's been bragging about!

DEATHCon 2024 dates announced, and CFP is now open for Detection Engineering and Threat Hunting workshop proposals!
deathcon.io
November 16-17, Online and in-person around the 🌍: Seattle, Orlando, Montreal, Edinburgh, Bonn, and Kuala Lumpur

#BloodHound v5.8.0 is live now! This release includes support for .zip ingest, clearing the graph database natively, ADCS ESC4, and more! SpecterOps 🇺🇦 support.bloodhoundenterprise.io/hc/en-us/artic…

Have you ever been on the receiving end of a red team or advanced cyber attack and wished you had detected more of their activities?

Come join our training at  #bhusa this summer! We’ll teach you a methodology to research and develop solid detections.

blackhat.com/us-24/training…

New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdP's and what techniques are effective beyond Okta. blog.xpnsec.com/identity-provi…

I've always recommend the free Microsoft 365 developer subscription as a great way to learn. Having it locked behind a 600 EUR to 3k EUR minimum cost is going to hurt Identity Security learning capabilities for everyone. Very sad to see it like this.
devblogs.microsoft.com/microsoft365de…

Great news, everyone! Red Canary's 2024 Threat Detection Report is officially live! I've read it three times, and it's our best yet. Every section is worth your time, but I'm going to post my personal highlights in the thread. redcanary.com/threat-detecti…

Got a demo of this yesterday, super impressive and useful stuff from Will!
It solves an issue I was running into on one of my projects.

Very good post! If you want to play with RAG, make sure to read this.

I'm pumped to announce the release of Misconfiguration Manager, a knowledge base and how-to for both offensive and defensive SCCM attack path management, that Duane Michael, Garrett, and I have been working on! Check it out and let us know what you think! posts.specterops.io/misconfigurati…

EXPLORE | Introducing FalconHound! Olaf Hartong from @FalconForceTeam is demonstrating this new toolkit, designed to augment BloodHound’s capabilities and how FalconHound integrates w/ a host of security tools. #SOCON2024