Navigating the Uncharted: A Framework for Attack Path Discovery

This is the second post in a series on Identity-Driven Offensive Tradecraft, which is also the focus of the new course we will launch in October. In the previous post, I asked, ...
Hybrid Attack Paths, New Views and your favorite dog learns an old trick

Introducing Hybrid Attack Paths. Death from Above: An Attack Path from Azure to Active Directory With BloodHound. When we introduced Azure Attack Paths into BloodHound, they were added as a completely separate sub-graph. At no ...
The Security Principle Every Attacker Needs to Follow

Earlier this year, I was tasked with developing a follow-on course for our renowned Adversary Tactics: Red Team Operations course. The new course needed to cover the advanced tradecraft we perform on ...
An AWS Administrator Identity Crisis: Part 1

BLUF: Every attack path needs a destination. This is a formalized way of describing destinations in AWS. In cloud providers where we only have data plane access, we divert our focus from ...
Mapping Snowflake’s Access Landscape

Attack Path Management: Because Every Snowflake (Graph) is Unique. Introduction: On June 2nd, 2024, Snowflake released a joint statement with CrowdStrike and Mandiant addressing reports of “[an] ongoing investigation involving a targeted threat campaign against some ...
Misconfiguration Manager: Overlooked and Overprivileged

TL;DR: Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. We’re also presenting this material at SO-CON 2024 on March 11, ...
Final Steps to BloodHound Federal — FedRAMP High Compliance

Ever since SpecterOps first launched BloodHound Enterprise (BHE) in July 2021, one of our team’s biggest frustrations involved a lack of FedRAMP qualifications, which prevented us ...
Cypher Queries in BloodHound Enterprise

BloodHound Enterprise (BHE) recently saw the addition of a new, game-changing feature: open-ended Cypher searches. For those unfamiliar, Cypher is a declarative query language used for retrieving data from a graph database ...
FOSS BloodHound 4.3.1 release

We are excited to share the release of BloodHound version 4.3.1. We have accepted a lot of pull requests made by BloodHound users for bug fixes and cool improvements in this release ...
Attack Path Management Pillars: Part 3 — Safe AD Security Remediation Guidance

Attack Path Management Pillars: Part 3 — Practical AD Security Remediation Guidance. Historically, Identity Attack Paths are a double-edged sword; remediation efforts can easily break production applications or create more Attack Paths. Unfortunately, ...

Application Security Check Up