Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
Website: https://specterops.io/
Twitter: https://twitter.com/specterops
Blog: https://posts.specterops.io/

Attackers don’t exploit tools—they exploit identities. Learn how to defend where it matters. Join operators and defenders for one of our hands-on training courses at #SOCON2026.

In-person attendees also receive a free conference pass. Save your spot ➡️ https://ghst.ly/socon-2026

See your network shares the way attackers do. 👀

Meet ShareHound, an OpenGraph collector for BloodHound CE & Enterprise that reveals share-level attack paths at scale. @podalirius unpacks all the details in our latest blog post. https://ghst.ly/4ogiBqt

ShareHound: An OpenGraph Collector for Network Shares

ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise helping identify attack paths to network shares automatically.

SpecterOps

🕵️ Uncovering network attack paths with runZeroHound!

As of today you can feed your runZero asset inventory into @SpecterOps BloodHound v8. runZeroHound is an open source toolkit that brings your runZero asset data into BloodHound’s OpenGraph model to reveal real-world attack paths.

👉 @hdm breaks it down in his latest post: https://www.runzero.com/blog/introducing-runzerohound/

Credential Guard was supposed to end credential dumping. It didn't.

Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

Read for more: https://ghst.ly/4qtl2rm

Catching Credential Guard Off Guard

Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.

SpecterOps

#SOCON2026 is where the global security community unites to push the boundaries of identity-first defense.

Got insights on attack paths, identity risks, or BloodHound OpenGraph? Submit your talk to our CFP before it closes Nov. 15 ➡️ https://ghst.ly/socon26-cfp

The CFP for #SOCON2026 is OPEN! 🙌

Have you been working on something interesting in Attack Path Management or identity-first defense? Join us in Arlington, VA (April 13–14) and share your work with the community.

Submit your talk by Nov. 15 → https://ghst.ly/socon26-cfp

Microsoft introduced nested application auth (NAA) in 2024. Researchers spotted FOCI similarities & dubbed it brokered client IDs (BroCI).

Hope Walker documents NAA flows and BroCI—filling a gap for research on Microsoft identity protocols. Read more: https://ghst.ly/3Jdhp7Z

NAA or BroCI…? Let Me Explain

This writeup is a summary of knowledge and resources for nested application authentication (NAA) and brokered client IDs (BroCI)

SpecterOps

Your strongest platform is only as secure as its weakest dependency. And you probably don't know what those are.

Jared Atkinson dives into the Clean Source Principle, hidden trust relationships, & why BloodHound OpenGraph changes the game. https://ghst.ly/4pYTtFU

The Clean Source Principle and the Future of Identity Security

TL;DR Modern identity systems are deeply interconnected, and every weak dependency creates an attack path — no matter how strong any single platform appears. The Clean Source Principle and BloodHound OpenGraph make these hidden relationships visible, empowering defenders to treat Attack Path Management as an ongoing discipline rather than a one-time project. Introduction In his 2024 blog post, The Security […]

SpecterOps

Red teams slip past detection. Defenders adapt. The cycle continues. 🔄

John Wotton's latest on AI gated loaders shows how offensive operators are using LLMs to make shellcode execution context-aware, executing only when OPSEC policies are met. https://ghst.ly/4nvxsgh

AI Gated Loader: Teaching Code to Decide Before It Acts - SpecterOps

My eyes and ears when I cannot be there, AI gated loaders inspect the victim machine and wait for the right moment to execute.

SpecterOps

Securing Domain Controllers without breaking AD is harder than it sounds. Michael Grafnetter at HIP Conference covers:

✅ IaC approach to Windows Firewall policy
✅ RPC filters & outbound traffic controls
✅ Hybrid environment challenges
✅ Network service discovery

Learn more: www.hipconf.com/agenda/