unSafe.sh
Abusing Slack for Offensive Operations: Part 2
When I first started diving into offensive Slack access, one of the best public resources I found wa...
2023-11-10 01:2:5 | Views: 14 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
keychain
windows
database
cody
remote
Lateral Movement without Lateral Movement (Brought to you by ConfigMgr)
Introduction: Earlier this year, I submitted a pull request to SharpSCCM’s repository. SharpSCCM is a...
2023-11-7 21:49:21 | Views: 13 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
cmpivot
configmgr
sharpsccm
sccm
Phishing With Dynamite
Token stealing is getting harder. Instead, stealing whole logged-in browser instances may be an easi...
2023-11-7 21:48:23 | Views: 17 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
bitm
phishing
attacker
cuddlephish
Domain of Thrones: Part II
Written by Nico Shyne & Josh Prager. In the first installment of “Domain of Thrones,” we meticulously...
2023-11-7 00:51:41 | Views: 14 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
defenders
microsoft
security
client
forest
On Detection: Tactical to Functional
Part 10: Implicit Process Create. Welcome back to another installment of the On Detection: Tactical to...
2023-11-2 00:5:47 | Views: 17 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
implicit
whoami
windows
execmethod
hollowing
Lateral Movement: Abuse the Power of DCOM Excel Application
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftA...
2023-10-31 02:31:31 | Views: 11 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
microsoft
dcom
foxprow
clsid
CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater
Version: Lenovo Updater Version <= 5.08.01.0009; Operating System Tested On: Windows 10 22H2 (x64); Vuln...
2023-10-27 00:52:9 | Views: 36 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
lenovo
hellolevel
attacker
privileged
Domain of Thrones: Part I
Written by Nico Shyne & Josh Prager. Just as in the political landscape of Westeros, defenders face a...
2023-10-25 00:25:38 | Views: 30 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
windows
security
ntds
defenders
dit
On Detection: Tactical to Functional
Part 9: Perception vs. Conception. The concepts discussed in this post are related to those discussed...
2023-10-21 02:43:37 | Views: 13 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
mde
memory
actiontype
sysmon
injection
Bloodhound Enterprise: securing Active Directory using graph theory
Prior to my employment at SpecterOps, I hadn’t worked in the information security industry- as a res...
2023-10-21 00:1:36 | Views: 45 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
manhattan
bloodhound
security
routes
fig
Uncovering RPC Servers through Windows API Analysis
Have you ever tried to reverse a simple Win32 API? If not, let’s look at one together today! This ar...
2023-10-19 00:8:10 | Views: 39 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
midl
client
microsoft
windows
logonusera
Perfect Loader Implementations
Thank you to SpecterOps for supporting this research and to Lee and Sarah for proofreading and editi...
2023-10-10 01:28:18 | Views: 12 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
loader
memory
windows
library
developers
SCCM Hierarchy Takeover
One Site to Rule Them All. There is no security boundary between sites in the same hierarchy. When an a...
2023-9-25 22:52:48 | Views: 6 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
database
sccm
security
rbac
Ghostwriter v4: 2FA, RBAC, and Logging, Oh My!
Ghostwriter v4 is officially here! Technically, it’s been available as a release candidate for a whi...
2023-9-21 01:7:44 | Views: 7 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
ghostwriter
cobalt
client
beacon
django
Reactive Progress and Tradecraft Innovation
The overarching goal of a security operations program is to prevent or mitigate the impact of an att...
2023-9-20 00:41:13 | Views: 23 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
tradecraft
attackers
mimikatz
memory
distinct
What is Tier Zero — Part 2
Round 2! This is Part 2 of our webinar and blog post series Defining the Undefined: What is Tier Zero...
2023-9-14 23:40:7 | Views: 8 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
tier
rodc
attacker
containers
gpo
Shadow Wizard Registry Gang: Structured Registry Querying
The Windows registry, an intricate database storing settings for both the operating system and the a...
2023-9-6 00:58:9 | Views: 9 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
nemesis
bofs
c2
querying
beacon
Site Takeover via SCCM’s AdminService API
tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site take...
2023-8-11 01:54:11 | Views: 13 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
sccm
database
contoso
Hacking With Your Nemesis
In the first post in this series, On (Structured) Data, we talked about the gap area of offensive st...
2023-8-10 04:29:3 | Views: 10 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
nemesis
enrichment
kubernetes
enrichments
analytic
BloodHound Community Edition: A New Era
I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! What you need...
2023-8-9 00:17:8 | Views: 15 | Posts By SpecterOps Team Members - Medium - posts.specterops.io
bloodhound
4072641716
570004220
2248230615
tokenid