David McGuire
@davidmcguire.bsky.social
CEO @specterops.bsky.social
Reposted by David McGuire
@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Recon 2025 - The Finer Details of LSA Credential Recovery
YouTube video by Recon Conference
youtu.be
October 16, 2025 at 3:34 PM
@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Reposted by David McGuire
BloodHound v8.0 is here! 🎉
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
July 29, 2025 at 1:13 PM
BloodHound v8.0 is here! 🎉
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID.
Read more from Justin Kohler: ghst.ly/bloodhoundv8
🧵: 1/7
Reposted by David McGuire
Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts.
So what's a stealthy attacker to do? 🤔
Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0
So what's a stealthy attacker to do? 🤔
Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0
Escaping the Confines of Port 445 - SpecterOps
NTLM relay attacks targeting SMB restrict lateral movement options to those that solely require port 445/TCP. Learn at least one method of overcoming this restriction to enable additional lateral move...
ghst.ly
July 25, 2025 at 12:02 AM
Classic NTLM relay problem: Stuck on port 445/TCP, can't use WMI (needs 135/TCP), and dumping hashes triggers EDR alerts.
So what's a stealthy attacker to do? 🤔
Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0
So what's a stealthy attacker to do? 🤔
Our latest blog post explores evasive alternatives beyond the old techniques. ghst.ly/3ILR1l0
Reposted by David McGuire
@logangoins.bsky.social is dropping knowledge on ADWS exploitation. 🧠
Learn how attackers use the SOAP protocol for LDAP collection on Domain Controllers & dive into maximizing OPSEC-considerate collection workflows while exploring detection methods. ghst.ly/4lPodH4
Learn how attackers use the SOAP protocol for LDAP collection on Domain Controllers & dive into maximizing OPSEC-considerate collection workflows while exploring detection methods. ghst.ly/4lPodH4
Make Sure to Use SOAP(y) - An Operators Guide to Stealthy AD Collection Using ADWS - SpecterOps
Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments
ghst.ly
July 25, 2025 at 4:19 PM
@logangoins.bsky.social is dropping knowledge on ADWS exploitation. 🧠
Learn how attackers use the SOAP protocol for LDAP collection on Domain Controllers & dive into maximizing OPSEC-considerate collection workflows while exploring detection methods. ghst.ly/4lPodH4
Learn how attackers use the SOAP protocol for LDAP collection on Domain Controllers & dive into maximizing OPSEC-considerate collection workflows while exploring detection methods. ghst.ly/4lPodH4
Reposted by David McGuire
BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest.
Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Understanding & Mitigating BadSuccessor - SpecterOps
Understanding the impact of the BadSuccessor AD attack primitive and mitigating the abuse via targeted Deny ACEs on Organizational Units.
ghst.ly
May 27, 2025 at 9:11 PM
BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest.
Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Reposted by David McGuire
We're proud to sponsor BSides Groningen, happening today. Find our team at the event and say hi! 👋
May 2, 2025 at 11:48 AM
We're proud to sponsor BSides Groningen, happening today. Find our team at the event and say hi! 👋
Reposted by David McGuire
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
April 8, 2025 at 11:00 PM
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Reposted by David McGuire
Our team is at #GartnerIAM! Come find our team at Booth 407. 🔍
Talk with Specters about BloodHound Enterprise, our open source tools, and get answers on Identity Attack Path Management.
Talk with Specters about BloodHound Enterprise, our open source tools, and get answers on Identity Attack Path Management.
March 24, 2025 at 11:53 AM
Our team is at #GartnerIAM! Come find our team at Booth 407. 🔍
Talk with Specters about BloodHound Enterprise, our open source tools, and get answers on Identity Attack Path Management.
Talk with Specters about BloodHound Enterprise, our open source tools, and get answers on Identity Attack Path Management.
Reposted by David McGuire
Attackers see what you don't: paths between your cloud & on-prem systems.
Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB
Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB
March 20, 2025 at 1:26 PM
Attackers see what you don't: paths between your cloud & on-prem systems.
Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB
Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB
Reposted by David McGuire
Hear how State Street Bank tackled #identitysecurity compliance using the adversary’s view of #AttackPaths. Join Justin Kohler & State Street's Eric McGuffin at #FSISAC as they unpack the process & tools used to secure AD & Azure.
Learn more ▶️ ghst.ly/3D61s0s
Learn more ▶️ ghst.ly/3D61s0s
February 28, 2025 at 6:21 PM
Hear how State Street Bank tackled #identitysecurity compliance using the adversary’s view of #AttackPaths. Join Justin Kohler & State Street's Eric McGuffin at #FSISAC as they unpack the process & tools used to secure AD & Azure.
Learn more ▶️ ghst.ly/3D61s0s
Learn more ▶️ ghst.ly/3D61s0s
Thrilled to announce @specterops.bsky.social has raised Series B funding to tackle Identity Attack Paths! Identity security matters more now than ever. And we're just getting started.
Read more: ghst.ly/seriesb-blog
Read more: ghst.ly/seriesb-blog
Fueling the Fight Against Identity Attacks - SpecterOps
When we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We ...
ghst.ly
March 5, 2025 at 5:32 PM
Thrilled to announce @specterops.bsky.social has raised Series B funding to tackle Identity Attack Paths! Identity security matters more now than ever. And we're just getting started.
Read more: ghst.ly/seriesb-blog
Read more: ghst.ly/seriesb-blog
Reposted by David McGuire
Our Consulting Services team is growing! 🙌
We are now hiring Consultants and Senior Consultants to join the team as operators, trainers, and program developers.
Learn more & apply today! ghst.ly/3PBmGFZ
We are now hiring Consultants and Senior Consultants to join the team as operators, trainers, and program developers.
Learn more & apply today! ghst.ly/3PBmGFZ
January 16, 2025 at 2:06 PM
Our Consulting Services team is growing! 🙌
We are now hiring Consultants and Senior Consultants to join the team as operators, trainers, and program developers.
Learn more & apply today! ghst.ly/3PBmGFZ
We are now hiring Consultants and Senior Consultants to join the team as operators, trainers, and program developers.
Learn more & apply today! ghst.ly/3PBmGFZ
Reposted by David McGuire
What can you expect to learn in our Azure Security Fundamentals training at #SOCON2025? Course architect
@1cemoon.bsky.social shares that students will dive into:
➡️ Azure Resource Manager
➡️ Common security misconfigurations
➡️ Entra ID authentication
Register today: ghst.ly/reg-socon25-...
@1cemoon.bsky.social shares that students will dive into:
➡️ Azure Resource Manager
➡️ Common security misconfigurations
➡️ Entra ID authentication
Register today: ghst.ly/reg-socon25-...
December 11, 2024 at 8:28 PM
What can you expect to learn in our Azure Security Fundamentals training at #SOCON2025? Course architect
@1cemoon.bsky.social shares that students will dive into:
➡️ Azure Resource Manager
➡️ Common security misconfigurations
➡️ Entra ID authentication
Register today: ghst.ly/reg-socon25-...
@1cemoon.bsky.social shares that students will dive into:
➡️ Azure Resource Manager
➡️ Common security misconfigurations
➡️ Entra ID authentication
Register today: ghst.ly/reg-socon25-...
Reposted by David McGuire
Good news, BloodHound users! 🎉
We’ve rolled out v6.3 with new features & improvements to help you visualize #AttackPaths more clearly & show progress in reducing identity risks over time. Check out Justin Kohler's blog post to learn more: ghst.ly/49wB23L
We’ve rolled out v6.3 with new features & improvements to help you visualize #AttackPaths more clearly & show progress in reducing identity risks over time. Check out Justin Kohler's blog post to learn more: ghst.ly/49wB23L
December 12, 2024 at 5:05 PM
Good news, BloodHound users! 🎉
We’ve rolled out v6.3 with new features & improvements to help you visualize #AttackPaths more clearly & show progress in reducing identity risks over time. Check out Justin Kohler's blog post to learn more: ghst.ly/49wB23L
We’ve rolled out v6.3 with new features & improvements to help you visualize #AttackPaths more clearly & show progress in reducing identity risks over time. Check out Justin Kohler's blog post to learn more: ghst.ly/49wB23L
Proud to share that SpecterOps has earned FedRAMP High Authorization for BloodHound Enterprise! Government agencies are at high risk for identity-based attacks, and now BHE is available to those that operate at the FedRAMP High baseline.
Learn more: ghst.ly/bhe-fedramp-...
Learn more: ghst.ly/bhe-fedramp-...
FedRAMP High Authorization for BloodHound Enterprise is a Critical Win for the Public Sector - SpecterOps
Author: David McGuire, CEO, SpecterOps Today, we’re thrilled to announce that SpecterOps has earned FedRAMP High Authorization for BloodHound Enterprise! This is no small achievement, as it makes our...
ghst.ly
December 5, 2024 at 6:19 PM
Proud to share that SpecterOps has earned FedRAMP High Authorization for BloodHound Enterprise! Government agencies are at high risk for identity-based attacks, and now BHE is available to those that operate at the FedRAMP High baseline.
Learn more: ghst.ly/bhe-fedramp-...
Learn more: ghst.ly/bhe-fedramp-...
Reposted by David McGuire
A quick tour of new functions in BARK that support Azure Key Vault tradecraft research, including a walk-through of how an adversary may chain these functions together as part of an attack path: posts.specterops.io/azure-key-va...
November 20, 2024 at 7:03 PM
A quick tour of new functions in BARK that support Azure Key Vault tradecraft research, including a walk-through of how an adversary may chain these functions together as part of an attack path: posts.specterops.io/azure-key-va...
Reposted by David McGuire
Our RTO course is going to London! 🇬🇧
Join our training at #BHEU December 9-12, and test your offensive skills in a hardened enterprise environment with live defenders hunting you down.
Learn more & register 👉 ghst.ly/4hT39xN
Join our training at #BHEU December 9-12, and test your offensive skills in a hardened enterprise environment with live defenders hunting you down.
Learn more & register 👉 ghst.ly/4hT39xN
November 20, 2024 at 10:13 PM
Our RTO course is going to London! 🇬🇧
Join our training at #BHEU December 9-12, and test your offensive skills in a hardened enterprise environment with live defenders hunting you down.
Learn more & register 👉 ghst.ly/4hT39xN
Join our training at #BHEU December 9-12, and test your offensive skills in a hardened enterprise environment with live defenders hunting you down.
Learn more & register 👉 ghst.ly/4hT39xN