SpecterOps
specterops.io
@specterops.io
Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
Happy #BloodHoundBasics Friday w/ @martinsohn.dk!
Did you know the BloodHound Query Library now includes a ZIP of all queries in Releases on GitHub for bulk importing?

No more copying queries one by one—grab & import the whole collection in seconds!

🧵: 1/3
February 13, 2026 at 7:41 PM
This is your sign to save your spot in our Detection course at #SOCON2026!

Learn how to identify adversaries using TTPs, uncover telemetry gaps, and build alerts that survive real-world evasion.

Attend in person & get a free conf. pass 👉 ghst.ly/socon26-regbsky
February 13, 2026 at 2:46 PM
Building an Attack Path Management program is hard. Sustaining one is harder.

Join Robby Winchester & @subat0mik.bsky.social as they introduce BloodHound Scentry, an advisory service to scale APM visibility, remediation & protection across Security, Identity & IT.

➡️ ghst.ly/4tJ4k94
February 11, 2026 at 7:09 PM
Introducing BloodHound Scentry: BloodHound Enterprise + SpecterOps experts working alongside your team to eliminate attack paths and accelerate APM.

Level 0 → Level 3 maturity in ~6 months. Not theory. Tradecraft. 🎯

Learn more ➡️ ghst.ly/bhscentry-bsky
February 10, 2026 at 3:01 PM
Happy #BloodHoundBasics from @andyrobbins.bsky.social!

Want to see attack paths in your own environment? Install BloodHound CE with three commands:

1️⃣ wget ghst.ly/3NTWRmY
2️⃣ tar -xvzf bloodhound-cli-linux-amd64.tar.gz
3️⃣ ./bloodhound-cli install

More info here: ghst.ly/3NMjhqn
January 30, 2026 at 10:58 PM
New from Andrew Gomez + Allen DeMoura: azureBlob, a Mythic C2 profile that uses Azure Blob Storage as transport.

Supported Agents:

🐍 Medusa
🪽 Pegasus (new test agent)
❤️ Your fav agent (with simple integration guide)

ghst.ly/4bLIGKT
January 30, 2026 at 6:33 PM
Identity security in restricted environments shouldn’t be limited to periodic reviews.

BloodHound Enterprise on-premises enables continuous Identity Attack Path Management without cloud connectivity.

Learn more ➡️ ghst.ly/4kadAi0
January 29, 2026 at 5:11 PM
The #SOCON2026 agenda is live! 🎉

Explore talks, topics, & speakers across the Tradecraft, OpenGraph, & new Practice Track, focused on turning Attack Path Management into an operational discipline.

Check out the agenda & plan your experience: ghst.ly/socon26-tw

🧵: 1/4
January 27, 2026 at 10:35 PM
A very happy #BloodHoundBasics day from @psionicjake.github.io!

In BloodHound Enterprise, CanRDP normally means:
"If I compromise this user, I can RDP directly to this machine and land inside Windows."

But Citrix changes what "RDP access" actually means.

🧵: 1/4
January 23, 2026 at 9:01 PM
Still running MDT? As of Jan 6, 2026, it’s unsupported and unpatched. In this post, @unsignedsh0rt.bsky.social shows how attackers can locate MDT/WDS (even unauthenticated) and chain issues into credential risk. Defenses included.

Read more: ghst.ly/3LYAuw6
Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps
After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than fix the issues. As of January 6, 2025, Microsoft stopped supporting MDT and will no longer provide updates, including security patches.
January 23, 2026 at 4:13 PM
New MSSQLHound updates from Chris Thompson 🔥

Now includes EPA-based NTLM relay scanning, CVE-2025-49758 patch detection, and BloodHound Cypher queries to map + remediate MSSQL attack paths.

Check it out! ghst.ly/4pZqzVe
Updates to the MSSQLHound OpenGraph Collector for BloodHound - SpecterOps
MSSQLHound, a PowerShell script that collects security information from remote MSSQL Server instances, now scans remote MSSQL Server instances to determine whether or not NTLM relay attacks are possible, accounts for a recent privilege escalation vulnerability, and includes queries you can import into the BloodHound attack path graph to visualize, navigate, and remediate misconfigurations in MSSQL.
January 20, 2026 at 6:05 PM
Friday = #BloodHoundBasics w/ Nathan Davis!

Did you know that you can set the source type for ingested data with OpenGraph? This allows you to search using a custom object type to return all ingested nodes, as well as delete selectively from your BH instance.

🧵: 1/2
January 16, 2026 at 9:11 PM
Great detections start by understanding what your telemetry doesn’t show.

Tradecraft Analysis at #SOCON2026 breaks down Windows attack techniques, telemetry layers, and the gaps where detections fail.

Join in-person & get a free conference pass 👉 ghst.ly/socon26-regb...
January 15, 2026 at 10:08 PM
SCCM admins: review your roles.
MSSQL admins: review ALTER ANY LOGIN exposure.

Chris Thompson details CVE-2025-47179 & CVE-2025-49758 and how these escalations can be identified through graph analysis.

Check out his blog post for more! ghst.ly/3YDyw7d
MSSQL and SCCM Elevation of Privilege Vulnerabilities - SpecterOps
While researching the MSSQL and SCCM permission models to build MSSQLHound and ConfigManBearPig, PowerShell scripts that collect information for the BloodHound attack path management software, I found permissions that allowed elevation of privileges to the MSSQL sysadmin server role and the SCCM Full Administrator security role.
January 15, 2026 at 7:53 PM
SCCM client push strikes again for hierarchy takeover!

@logangoins.bsky.social just dropped a new blog showing how WebClient doesn't need to be already running on site servers to coerce HTTP (WebDav) auth & enable NTLM relay to LDAP for SCCM takeover

Read more: ghst.ly/3Z9Gbu6
Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP - SpecterOps
During automatic client push installation, an SCCM site server automatically attempts to map WebDav shares on clients, starting WebClient when installed.
January 14, 2026 at 9:38 PM
SCCM attack paths are messy until you can see them. 👀

ConfigManBearPig from Chris Thompson extends BloodHound with SCCM nodes + edges using OpenGraph, plus queries to surface hierarchy takeovers and escalation paths.

Check it out: ghst.ly/45FCP5G
Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM - SpecterOps
ConfigManBearPig is a standalone PowerShell collector that adds new SCCM attack path nodes and edges to BloodHound using OpenGraph.
January 13, 2026 at 6:08 PM
Ghostwriter v6.1 includes a full-featured integration w/ BloodHound Community Edition & Enterprise.

Next week, Christopher Maddalena & Stephen Hinck will discuss the integration, improved collab tools, & what the release means for assessment workflows.

Register ➡️ ghst.ly/jan26-web-bsky
January 13, 2026 at 12:15 AM
It's #BloodHoundBasics day w/ @jonas-bk.bsky.social!

Want to connect w/ other BloodHound users, or the folks building BloodHound?

Join the community Slack 👉 slack.specterops.io

Dedicated channels for:
• Active Directory
• Red Teaming
• SCCM
• Detection
...and more

Come hang with us!
January 9, 2026 at 9:43 PM
ICYMI: Jared Atkinson recently joined Risky Biz to unpack how BloodHound OpenGraph exposes cross-platform identity attack paths, showing how misconfigurations and permissions chain together across directories, SaaS, & cloud services.

🎧: ghst.ly/4aSxrPY
January 7, 2026 at 2:33 PM
A very merry #BloodHoundBasics, courtesy of @martinsohn.dk!

In Active Directory, the creator of an object (user, computer, group, ...) becomes the object's owner.
What can an owner do? By default, the owner can compromise the created object.

🧵: 1/4
December 26, 2025 at 7:00 PM
We’re closing out 2025 and looking forward to what’s next.

Join us in the new year for the Ghostwriter v6.1 webinar, and save your spot now for #SOCON2026, where the community comes together to advance APM.

Webinar 👉 ghst.ly/jan26-web-bsky
SO-CON 👉 ghst.ly/socon26-bsky
December 24, 2025 at 2:19 AM
“Deception is a good lie.”

When there’s no legitimate use for deception artifacts, interaction becomes high-fidelity signal. In his latest post, Ben Schroeder explains how BloodHound OpenGraph helps defenders plan & implement effective deception. ghst.ly/4b1nu2P
Mapping Deception with BloodHound OpenGraph - SpecterOps
Explore how to design and visualize high-fidelity cyber deception using BloodHound OpenGraph to map realistic attack paths across Active Directory and third-party technologies. Learn practical techniques, tools, and real-world examples for deploying believable deceptions that improve detection, context, and defender advantage.
December 23, 2025 at 10:07 PM
Credential Guard was meant to end credential dumping. Nearly a decade later, Valdemar Carøe tested what’s actually possible.

Check out his blog post detailing new credential dumping techniques that work on fully patched Windows 11 & Server 2025 systems.

➡️ ghst.ly/cred-eoybsky
December 22, 2025 at 7:54 PM
Open source and shared research remain at the core of what we do.

In 2025, we worked to make adversary tradecraft more accessible, practical, and collaborative for the community.

🧵: 1/5
December 19, 2025 at 10:35 PM
On Christmas Eve at SpecterOps HQ,
BloodHound sniffed what attackers might do.
Through graphs and paths it traced the way,
Finding weak links before Christmas Day.
With risks in sight, defenders slept tight—
BloodHound kept watch through the silent night.

🧵: 1/2
December 19, 2025 at 9:04 PM