Supply chain attacks propagate through relationships. Shai-Hulud 2.0 proved it.
JD Crandell breaks down the worm used in the attack as an attack graph & introduces NPMHound, which can be used to model NPM dependencies in BloodHound.
Read for more! https://ghst.ly/46BMRFz
Posts by Jason
Incredible to see @hdm.io using BloodHound to build the new runZeroHound, connecting asset inventory data from @runzero.com with attack path visualization.
Love seeing the community take BloodHound in new directions!
Red teamers know the drill: endless file churning, hunting for passwords & tokens. 🔍
Meet DeepPass2, our new secret scanning tool that goes beyond structured tokens to catch those tricky free-form passwords too. Read Neeraj Gupta's blog post for more. ghst.ly/40HLNNA
BloodHound 8.0 is here.
A big leap forward in identity security prevention.
Now we’re able to model attack paths across the entire modern enterprise stack.
Our folks will be at #BlackHat next week to show off a few examples. Check it out:
Introducing the BloodHound Query Library! 📚
@martinsohn.dk & @joeydreijer.bsky.social explore the new collection of Cypher queries designed to help BloodHound users to unlock the full potential of the BloodHound platform by creating an open query ecosystem. ghst.ly/4jTgRQQ
BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest.
Check out @jimsycurity.adminsdholder.com's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9
Did you miss #SOCON2025? Did you have a favorite talk you'd like to rewatch?
🎥 All presentations from SO-CON 2025 are now live at ghst.ly/socon25-talks.
💻 Slides for each talk are available at ghst.ly/socon25-slides.
Getting started w/ Mythic? We've got you covered.
@its-a-feature.bsky.social walks through the web UI basics, login process, & how to configure your default username/password. Check it out! ▶️ ghst.ly/user-interface
Watch the full series: ghst.ly/mythic-op
Thrilled to be speaking at @wearetroopers.bsky.social again this year - can’t wait to be back! 🥳
This has been a LONG time coming! This is just the beginning though :) I'll be recording more videos for updates, new features, workflow enhancements, and yes - a developer series too! Be sure to let me know what you do/don't like about this format and what kinds of things you'd like to see!
I had a great time at #socon2025! Big thanks to the SpecterOps crew for hosting. Slides for my "Hunting SMB Shares" talk are below for those who are interested.
Slides
github.com/NetSPI/Power...
PowerHuntShares
github.com/NetSPI/Power...
SOCON swag
Last week I had a fantastic experience at @specterops.bsky.social's #SOCON2025 and subsequent IDOT training. It was a great opportunity to get in touch with leading experts. Apparently I also bugged them enough to merge my small BloodHound contribution. github.com/SpecterOps/B...
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Excited to be at @specterops.bsky.social SO-CON this week!! If you're around, I'll be presenting "Abusing AUs, Confusing the SOC" tomorrow bright & early:
Smile and say cheese! 😁
As you go between sessions at #SOCON2025 make sure to snap a photo with our display on Floor 29.
We are excited to see everyone at #SOCON2025 tomorrow! 🙌
Get the details on everything you need to know before arriving at the conference: specterops.io/so-con
Hey you know, just a gentle reminder. These are tough times. They’re tough for everyone in different ways, in different spectrums, because SO many important things are under attack.
Let’s try to be kind to one another, ok? It doesn’t cost much.
We’re stronger when we show each other grace.
The world has plenty of jerks, the Devil has too many advocates.
Choose kindness with intentionality.
It's life-changing.
Keep at it for long enough and it begins to feel selfish to be honest; I get so much back from it.
#MakeKindnessNormal
Attackers see what you don't: paths between your cloud & on-prem systems.
Our Chief Product Officer Justin Kohler will be at #GartnerIAM demonstrating how attackers exploit these connections & how Attack Path Management can help close these gaps. ghst.ly/4kzkFbB
I feel sorry for young people who will never experience the intense satisfaction of pressing a CRT monitor degauss button
Happy #BloodHoundBasics day to all who celebrate!
Easily RETURN computers, users, and certificate templates created in the last X days where X can match anything you want. In this case we are looking for objects created in the last 365 days.
🧵: 1/3
We’re excited to keep pushing forward in eliminating Identity Attack Paths! As orgs grow more complex, Identity Risk is a top concern for security leaders. Proactively shutting down attack paths is the most direct way to reduce the risk of a major breach.
Our COO @jasonjfrank.bsky.social recently joined The Cyber Security Recruiter Podcast to chat about SpecterOps and how we approach recruiting. He also shares his perspective on leadership and guiding a growing team.
Listen to the full conversation: ghst.ly/41bR9B7
Happy #BloodHoundBasics Day!
Did you know BloodHound started with just 3 node types and a few edges? Today, it supports 36 node types and 113 edge types, uncovering a vast array of attack paths.
Explore more in our docs ➡️ ghst.ly/3WSKoS7
s/o @jonas-bk.bsky.social
Hello world.