BIG NEWS: SpecterOps raises $75M to strengthen Identity security! Excited to announce our $75M Series B funding round led by Insight Partners, with participation from Ansa Capital, M12, Microsoft's Venture Fund, Ballistic Ventures, Decibel Partners and Cisco Investments. We're tackling the complicated problem of Identity Attack Paths with a prevention-first approach - eliminating the backdoors that attackers exploit before they can turn initial access into devastating data breaches. The momentum is real:
- BloodHound Enterprise: 100% YoY ARR growth in 2024
- Nearly 200 customers who achieve 40% reduction in identity risk within first 30 days
- Supporting the 90% of companies relying on Active Directory - a frequent target for threat actors
Our CEO, David McGuire, explains why identity risk increases as networks become more distributed and how Attack Path Management stands apart as one of the only true prevention solutions in the increasingly crowded identity security market. https://lnkd.in/eEdSWWpf #IdentitySecurity #AttackPathManagement #CyberSecurity #SeriesB
About us
SpecterOps provides adversary-focused cybersecurity solutions to help organizations understand how threat actors maneuver against them, so they can successfully defend against advanced attacks. SpecterOps replicates adversary tradecraft, hardens systems against the attack cycle, and helps detect current advanced threat actor activity. Service offerings include internal program development, training courses, independent assessment options, and assessment operations support. With knowledge of the adversary, organizations are empowered to successfully prevent against devastating breaches. Contact us at [email protected].
- Website
- https://www.specterops.io
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- Alexandria, Virginia
- Type
- Privately Held
- Founded
- 2017
- Specialties
- Red Team Operations, Penetration Testing, Hunt Operations, Breach Assessments, Active Directory Security, Security Research, and Adversary Simulation
Updates
-
What exactly are Attack Paths & why should you care? Join Nick Kuligoski next Tuesday for a walkthrough of how BloodHound approaches identification and elimination of these security gaps. Register today! https://lnkd.in/ehbefQRy
-
We are serving up another #BloodHoundBasics post, this time on understanding how BloodHound classifies Tier Zero.

Q: Why is not just the DA group Tier Zero but also all members?
A: BloodHound classifies a few default Tier Zero assets, then adds more w/ logic from known attack techniques.

Here is a breakdown of three Active Directory Tier Zero inheritance rules:

1. A Group/User/Computer is Tier Zero if it is a member of a Tier Zero group. Why? Control the account & you will through group membership automatically have all the permissions of the group.
2. An OU is Tier Zero if it contains a Tier Zero principal. Why? Control the OU = control objects within by either:
   1. Set an abusable ACE on the OU (e.g. FullControl) and let it inherit to objects within.
   2. Link any abusable GPO to the OU & let it apply to objects within.
3. A GPO is Tier Zero if it affects a Tier Zero principal. Why? Control the GPO and you can modify it to execute code as the principal, for example, through a Scheduled Task or Logon Script.

You will soon be able to easily understand why a specific object is classified as Tier Zero, but for now, you can use these three Cypher queries. On the Explore page, run the below queries after replacing "OBJECT_ID_HERE" with that of your object under investigation:

    // Tier Zero reason for: Group/User/Computer
    MATCH p=(n:Base)-[:MemberOf*1..]->(t:Group)
    WHERE n.objectid = "OBJECT_ID_HERE"
    AND COALESCE(t.system_tags, '') CONTAINS 'admin_tier_0'
    RETURN p LIMIT 500

    // Tier Zero reason for: OU
    MATCH p=(n:Base)-[:Contains*1..]->(t:Base)
    WHERE n.objectid = "OBJECT_ID_HERE"
    AND COALESCE(t.system_tags, '') CONTAINS 'admin_tier_0'
    AND (t:User or t:Computer or t:Group)
    RETURN p LIMIT 500

    // Tier Zero reason for: GPO
    MATCH p=(n:GPO)-[:GPLink|Contains*1..]->(t:Base)
    WHERE n.objectid = "OBJECT_ID_HERE"
    AND COALESCE(t.system_tags, '') CONTAINS 'admin_tier_0'
    AND (t:User or t:Computer)
    RETURN p LIMIT 500

s/o Martin Sohn Christensen
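The three inheritance rules in the post above, worked through on a small graph. This is an added example, not BloodHound's own code and not part of the original post: a simplified Python model that reuses the edge names from the Cypher queries (MemberOf, Contains, GPLink), while the function names and the sample directory are constructed for illustration.

```python
from collections import defaultdict

PRINCIPALS = {"User", "Computer", "Group"}
# kind -> (edge types followed, kinds of Tier Zero target that count, reason)
RULES = {k: ({"MemberOf"}, {"Group"}, "member of Tier Zero group") for k in PRINCIPALS}
RULES["OU"] = ({"Contains"}, PRINCIPALS, "contains Tier Zero principal")
RULES["GPO"] = ({"GPLink", "Contains"}, {"User", "Computer"}, "affects Tier Zero principal")

def classify_tier_zero(nodes, edges, seeds):
    """Return {object: reason} for every object the three rules mark Tier Zero."""
    out = defaultdict(list)
    for src, rel, dst in edges:
        out[src].append((rel, dst))
    reasons = {s: "default Tier Zero asset" for s in seeds}
    def first_hit(start, rels, kinds):
        # Follow only the allowed edge types; 'seen' guards against membership loops.
        stack, seen = [start], {start}
        while stack:
            for rel, nxt in out[stack.pop()]:
                if rel not in rels or nxt in seen:
                    continue
                if nxt in reasons and nodes.get(nxt) in kinds:
                    return nxt
                seen.add(nxt)
                stack.append(nxt)
        return None

    changed = True
    while changed:  # repeat until a full pass promotes nothing new
        changed = False
        for name, kind in nodes.items():
            if name in reasons or kind not in RULES:
                continue
            rels, kinds, why = RULES[kind]
            hit = first_hit(name, rels, kinds)
            if hit:
                reasons[name] = f"{why} {hit}"
                changed = True
    return reasons

# Constructed sample directory (not real data); only DOMAIN ADMINS is a default asset.
NODES = {"GPO-Baseline": "GPO", "GPO-Staff": "GPO", "OU=Corp": "OU", "OU=Admins": "OU",
         "OU=Staff": "OU", "alice": "User", "bob": "User", "SERVER ADMINS": "Group",
         "HELPDESK": "Group", "DOMAIN ADMINS": "Group"}
EDGES = [("alice", "MemberOf", "SERVER ADMINS"), ("SERVER ADMINS", "MemberOf", "DOMAIN ADMINS"),
         ("bob", "MemberOf", "HELPDESK"), ("OU=Corp", "Contains", "OU=Admins"),
         ("OU=Admins", "Contains", "alice"), ("OU=Staff", "Contains", "bob"),
         ("GPO-Baseline", "GPLink", "OU=Corp"), ("GPO-Staff", "GPLink", "OU=Staff")]
TIER_ZERO = classify_tier_zero(NODES, EDGES, seeds={"DOMAIN ADMINS"})
```

In this sample the GPO and both parent OUs are only promoted on the second pass, after the nested group membership has made alice Tier Zero, which is why the rules are applied repeatedly rather than once.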
-
How does a single AD breach lead to a third-party app compromise? Matthew Merrill & Zachary Stein's session at #SOCON2025 will map the attack path journey & highlight the impact of unauthorized access to critical systems & third-party apps. There's still time to register at https://ghst.ly/socon-li
-
Join Joshua Prager at #SOCON2025 for his talk diving into the Misconfiguration Manager project attack techniques for both an offensive & defensive audience. He will also cover detection & evasion techniques in an "IDOT Red Vs Blue" style. Register today at https://ghst.ly/socon-li
-
Attackers see what you don't: paths between your cloud & on-prem systems. Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. https://ghst.ly/4kzkFbB
-
Part 2 of Nathan Davis' Getting Started with BloodHound Enterprise series just dropped! This post is all about understanding and contextualizing Tier Zero, and ensuring you have an accurate depiction of the Attack Paths that exist in your BHE tenant. Check out the post to learn more: https://ghst.ly/4kEebbK
-
Meet Sniffer BloodHound! JYUN-MING SU & Maxine Shih from CyCraft Technology will be at #SOCON2025 to introduce the algorithm-driven framework which seamlessly integrates into BloodHound. Sniffer BloodHound significantly reduces analysis time and improves accuracy, empowering red and blue teams to efficiently detect and disrupt Attack Paths. Register today to join their talk: https://ghst.ly/socon-li
-
Make sure your plan for #GartnerIAM includes a conversation with our team. Specters will be at Booth 407 during the event, ready to talk to you about reducing Identity risk and our Attack Path Management tool, BloodHound Enterprise. Learn more at https://lnkd.in/esPNM8SP
-
For over 25 years, the NTLM protocol has plagued Windows environments. Join Lee Chagolla-Christensen and Rohan Vazarkar at #SOCON2025 and hear how security teams can use BloodHound to detect, exploit, and mitigate NTLM's many problems throughout an environment. Register at ghst.ly/socon-li