New tricks, same impact
posts.specterops.io/update-dumpi...

Had some fun with PDQ deploy/inventory credential decryption and wrote about it here: unsigned-sh0rt.net/posts/pdq_cr... thanks to
@dru1d.bsky.social for writing a BOF out of the POC

tl;dr get admin on PDQ box, decrypt privileged creds

Celebrating 1 year at SpecterOps, this was the first project I worked on after starting. Looking at SQL Server Transparent Data Encryption, how to bruteforce weak keys, and how ManageEngine's ADSelfService product uses TDE with a suspect key. Enjoy :) specterops.io/blog/2025/04...

Nothing new, but formalized some operator notes on Entra ID/Azure tradecraft I've found to be exceptionally useful on ops. Overlooked this myself for quite some time and thought others in the same boat might find it worth a read! 📖

medium.com/specter-ops-...

Dig through this timeline and you'll figure out what I'm here to do. I spoke to a commercial leader in the offensive security space last year. My words: you're fucking it up.

What I didn't say: I feel compelled, even though I DON'T want the bullshit, to try and fix it.

What does all of this mean?

Worked through the CloudBreach Breaching AWS course and exam over the last two weeks. Didn't see a ton of info out there on it prior to buying the course so wrote a small review with my thoughts blog.tw1sm.io/p/breaching-...

Cool to see another AD enum method bridge BH compatibility with bofhound! 🦾

Was doing some digging "What's New" in Server2025 learn.microsoft.com/en-us/window... specifically the changes to pre-2k machines. Oddvar and I had spoken previously about the changes being solid and demonstrated pre-created machines in ADUC could no longer be set with a default password.

And no ads (yet) 😂