Scott Sutherland
@_nullbind
Security Researcher @NetSPI | PowerUpSQL Author
You might like
Another day, another tool update. We figured out that the Invoke-AzUADeploymentScript MicroBurst function was missed in the "SecureString" token updates, so tokens weren't being extracted. Casting has been fixed and UA-MI tokens are now extracting again! github.com/NetSPI/MicroBu…
I have released an OpenGraph collector for network shares and my first blogpost at @SpecterOps on the subject! You can now visualize attack paths to network shares in BloodHound 👀 specterops.io/blog/2025/10/3…
📢 New Chapter: #MicrosoftEntra Attack & Defense Playbook ☁️ 🔑 @samilamppu and I have focused on Application-based Authentication (ABA) in #EntraConnect. Huge thanks to @DrAzureAD and @RobbeVdDaele for reviewing. Check out the new chapter: github.com/Cloud-Architek…
Added CRED-8 to Misconfiguration Manager, which is @unsigned_sh0rt's MP relay to dump machine policy secrets. MM link: github.com/subat0mik/Misc… Blog link: specterops.io/blog/2025/07/1…
Lots of cool new Nemesis features merging in soon from @tifkin_ and I! Development definitely didn't stop with the 2.0 release :) github.com/SpecterOps/Nem…
Last week we covered Active Directory Group Policy permissions (x.com/PyroTek3/statu…). This week, we dig into Active Directory Kerberos delegation. I have mentioned in several presentations that Kerberos delegation is impersonation. Kerberos delegation is used when a service…
Recently, we looked at Active Directory built-in groups (x.com/PyroTek3/statu…) This week, we focus on Active Directory Group Policy Objects (GPOs). GPOs should be audited regularly to identify the configured owner as well as the permissions to ensure they are appropriate. In…
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/Ba… Slides available here: github.com/olafhartong/Pr…
👋 Say hello to Nemesis 2.0, a streamlined, Docker Compose-based platform that is laser-focused on file triage. After introducing v1 two years ago, the team has reworked the platform to better serve what people need from it. Read more from @harmj0y. ⤵️ ghst.ly/4mxQzFU
In our latest blog, @shncldwll breaks down the process of creating a fully integrated, self-verifying agentic system that can do modern Windows Active Directory red team operations, without human interaction. Read about our approach to building cyber evals to measure model…
Your devs aren’t just writing code, they’re holding keys to your kingdom. BloodHound now supports GitHub identities, so you can visualize access and control in your org’s dev pipeline. Check it out at github.com/SpecterOps/Git…
I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0!. Let me know what you find with it! - github.com/SpecterOps/MSS… - specterops.io/blog/2025/07/2…
Get to know what's new w/ SCCMHunter. Join @unsigned_sh0rt's #BHUSA Arsenal session on the post-exploitation tool & learn about the updates, including site system profiling, extended admin modules, & credential relaying capabilities. ghst.ly/3GkhpBV
NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component. 👉 Read the full technical breakdown: ow.ly/GbT150WmgRg #proactivesecurity #VulnerabilityResearch
Happy Friday! @tifkin_ and I are happy to announce that we have cut the release for Nemesis 2.0.0 - check out the CHANGELOG for a (brief) summary of changes, and dive into our new docs for more detail! We're extremely proud and excited for this release github.com/SpecterOps/Nem…
Including nice tool release 🔥 github.com/temp43487580/E…
Super interesting blog on how to automate some MS-RPC research 🧐 incendium.rocks/posts/Automati…
I publish two blog posts today! 📝🐫 The first dives into how we're improving the way BloodHound models attack paths through AD trusts: specterops.io/blog/2025/06/2… The second covers an attack technique I came across while exploring AD trust abuse: specterops.io/blog/2025/06/2…
Tokenizing has dropped in Rigging. Train models in-line with LLM interactions, tools calls, and metrics. 👀 github.com/dreadnode/rigg…
Thank you so much to @x33fcon and its organizers for an awesome experience! @tifkin_ and I had a blast talking about the new Nemesis 2.0 rewrite (code live at github.com/SpecterOps/Nem… !) and hope to be back next year #x33fcon
One Tool To Rule Them All AMSI, CLM and ETW – defeated* with one Microsoft signed tool by someone called Ian shells.systems/one-tool-to-ru…
United States Trends
- 1. Dodgers 622K posts
- 2. #WorldSeries 304K posts
- 3. #WorldSeries 304K posts
- 4. Yamamoto 190K posts
- 5. Blue Jays 140K posts
- 6. Will Smith 45.5K posts
- 7. Miguel Rojas 39.1K posts
- 8. Kershaw 28.6K posts
- 9. Yankees 14.6K posts
- 10. Baseball 156K posts
- 11. Dave Roberts 12K posts
- 12. Kendrick 16.1K posts
- 13. Vladdy 21K posts
- 14. Ohtani 81.7K posts
- 15. #Worlds2025 26.7K posts
- 16. Jeff Hoffman 3,370 posts
- 17. Auburn 14.1K posts
- 18. Nike 34K posts
- 19. Cubs 7,360 posts
- 20. Phillies 3,432 posts
You might like
-
Lee Chagolla-Christensen
@tifkin_ -
Beau Bullock
@dafthack -
Matt Hand
@matterpreter -
Ryan Cobb
@cobbr_io -
Marcello
@byt3bl33d3r -
Karl
@kfosaaen -
Mr.Un1k0d3r
@MrUn1k0d3r -
Chris Thompson
@retBandit -
monoxgas
@monoxgas -
NetSPI
@NetSPI -
Harley Lebeau
@r3dQu1nn -
Cody Thomas
@its_a_feature_ -
bohops
@bohops -
Dwight Hohnstein
@djhohnstein -
@[email protected]
@christruncer
Something went wrong.
Something went wrong.