An offensive data enrichment pipeline. Contribute to SpecterOps/Nemesis development by creating an account on GitHub.

About The Guest:Andy Robbins is the Principal Product Architect at SpecterOps and one of the original 13 founding members of the company. He has a background in pen testing and red teaming and is the co-creator of Bloodhound, a popular open-source tool for attack path mapping in Active Directory environments. Summary:Andy Robbins, the Principal Product Architect at SpecterOps, joins host Phillip Wylie to discuss the evolution of Bloodhound, a tool for attack path mapping in Active Directory environments. Andy shares the origin story of Bloodhound and how it was developed to solve the problem of finding attack paths in complex environments. He explains the graph theory behind Bloodhound and how it visualizes data to help practitioners and defenders understand and mitigate security risks. Andy also discusses the recent release of Bloodhound Community Edition (CE) and the improvements it brings, including faster data ingest, query times, and a friendlier user experience. He highlights the focus on practical attack primitives and abuse primitives in Bloodhound and the goal of making attack paths a non-issue for organizations. Andy concludes by sharing valuable advice for those looking to advance in the industry, emphasizing the importance of understanding and solving real problems and being loyal to people rather than companies. Key Takeaways: Bloodhound is a tool for attack path mapping in Active Directory environments, using graph theory to visualize data and identify security risks. Bloodhound Community Edition (CE) brings improvements such as faster data ingest, query times, and a friendlier user experience. Bloodhound focuses on practical attack primitives and abuse primitives to solve real security problems and make attack paths a non-issue for organizations. Quotes: "If we give people an excellent experience for free, then enough of those people will choose to become paying customers that we have a viable business." - Andy Robbins "The industry as a whole is very young, but the capability of visualizing data problems and data security problems in this way is also relatively brand new." - Andy Robbins "We focus on attack paths or risk that emerges out of a combination of the mechanics of a system, the configurations of that system, and the behaviors of users or identities in that system." - Andy Robbins Socials and Resources: https://twitter.com/_wald0 https://twitter.com/SpecterOps https://specterops.io/ https://bloodhoundenterprise.io/ https://github.com/SpecterOps/BloodHound

An offensive data enrichment pipeline. Contribute to SpecterOps/Nemesis development by creating an account on GitHub.

The ability of an attacker controlling one domain to compromise another through an Active Directory (AD) trust depends on the trust type and configuration. To better map these relationships and make i...

Summary   In this episode of the Phillip Wylie Show, Sean Metcalf, an expert in Active Directory security, discusses his journey into cybersecurity, the evolution of Active Directory and Azure AD, and the common mistakes organizations make in cloud security. He emphasizes the importance of security assessments over penetration testing and shares insights into Trimarc's unique approach to security assessments. Sean also highlights the significance of scripting in security roles and discusses the future of Active Directory in hybrid environments. The episode concludes with information about Trimarc's new product, Trimarc Vision, aimed at enhancing Active Directory security.   Takeaways   Sean Metcalf has assessed environments with up to 960,000 users. Active Directory security is often overlooked in organizations. Many organizations are making the same security mistakes in the cloud as they did on-premises. Security assessments are crucial for identifying potential vulnerabilities. Trimarc uses proprietary tools for in-depth security assessments. Scripting knowledge, especially in PowerShell, is beneficial for security professionals. Active Directory is not going away anytime soon due to legacy applications. Organizations should conduct security assessments every couple of years. Trimarc's assessments provide actionable insights for improving security. The new Trimarc Vision product aims to enhance Active Directory security monitoring.   Sound Bites   "It's been quite a year." "I saw something change in the URL." "We're the identity experts."   Chapters   00:00 Introduction to Active Directory Security 03:33 Sean Metcalf's Hacker Origin Story 06:20 The Evolution of Active Directory and Azure AD 09:31 The Importance of Specialization in Cybersecurity 12:30 Active Directory Security Challenges 15:39 The Role of Security Assessments 18:26 Comparing Trimarc and Bloodhound 20:56 Understanding Active Directory Security Assessments 22:35 Getting Started in Active Directory Security 25:30 The Importance of Scripting in Security 34:43 The Hybrid Environment: On-Prem vs Cloud 37:23 Trimarc's Unique Services and Assessments 40:17 Frequency of Active Directory Assessments 42:21 Introducing Trimarc Vision   Resources https://www.linkedin.com/in/seanmmetcalf/ https://x.com/PyroTek3 https://www.linkedin.com/company/trimarcsecurity/ https://x.com/TrimarcSecurity https://www.trimarcsecurity.com/ https://adsecurity.org/    

Ghostwriter now supports real-time collaborative editing for observations, findings, and report fields using the YJS framework, Tiptap editor, and Hocuspocus server, enabling multiple users to edit si...

Meta's Prompt Guard 2 aims to prevent prompt injection. This post looks at how much knowledge of ML we need to be effective at testing these LLM WAFs.

tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges Before we get started, if you’d prefer to listen to a 10-minute presentation instead of or to supplement reading this pos...

TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via ...

Kerberoasting is a technique that allows an attacker to extract the encrypted part of a TGS-REP and brute force it offline to recover the plaintext password of the associated service account. The most...

TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a…

Now that we know how to add credentials to an on-premises user, lets pose a question:

We created a new tool to help you install and manage BloodHound instances, BloodHound CLI!