Posts By SpecterOps Team Members – Medium
Posts from SpecterOps team members on various topics relating to information security – Medium
Mythic 3.3 — Out of Beta
Mythic 3.3 was released in a Beta six weeks ago, and since then there has been a bunch of feedback, not just about new Mythic 3.3 features but about the ...
Ghostwriter ❤ Tool Integration
Incorporating new components into existing systems is such a pain that this process has been labeled “Integration Hell”. To ease tool integration, Ghostwriter v3.0.0 shipped with a GraphQL API. This API allows outside ...
Life at SpecterOps: The Red Team Dream
TL;DR: We are hiring consultants at various levels. The job posting can be found under the Consultant opening here: https://specterops.io/careers/#careers Introduction: Hey there! I’m Duane Michael, a Managing Consultant and red teamer at SpecterOps. Over ...
Teach a Man to Phish
PHISHING SCHOOL: A Decade of Distilled Phishing Wisdom. I decided to give away all of my phishing secrets for free. I realized at some point that I have been giving away phishing secrets for years, ...
Navigating the Uncharted: A Framework for Attack Path Discovery
Elad Shamir | attack path analysis, attack-path-management, clean-source-principle, identity security
This is the second post in a series on Identity-Driven Offensive Tradecraft, which is also the focus of the new course we will launch in October. In the previous post, I asked, ...
Sleeping With the Phishes
PHISHING SCHOOL: Hiding C2 With Stealthy Callback Channels. Write a custom command and control (C2) implant — Check ✅ Test it on your system — Check ✅ Test it in a lab against your client’s endpoint detection and response (EDR) product — Check ✅ Convince a target ...
BloodHound Operator — Dog Whispering Reloaded
It’s summer 2024 and we are back! Actually, we are SO back, so I decided that this required a little blog post. If you like BloodHound & PowerShell, and if you ...
Hybrid Attack Paths, New Views and your favorite dog learns an old trick
Justin Kohler | Active Directory, attack-path-management, azure, BloodHound, bloodhound-enterprise
Introducing Hybrid Attack Paths. Death from Above: An Attack Path from Azure to Active Directory With BloodHound. When we introduced Azure Attack Paths into BloodHound, they were added as a completely separate sub-graph. At no ...
Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover
Even within organizations that have achieved a mature security posture, targeted NTLM relay attacks are still incredibly effective after all these years of abuse. Leveraging several of these NTLM relay primitives, specifically ...
Deep Sea Phishing Pt. 2
PHISHING SCHOOL: Making Your Malware Look Legit to Bypass EDR. I wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to ...