Andy Robbins
@_wald0
Co-founder of SpecterOps. Co-creator of BloodHound. bsky.app/profile/andyro…
Seattle, WA
Joined March 2011
  • Living in the Seattle area, you can find very interesting articles of clothing at second hand stores. 11 years ago I found what I thought was the ultimate physical pentesting jacket
  • How to prevent Kerberoasting: Kerberoasting is an incredibly powerful and reliable attack against Active Directory. In some situations it can result in an attacker becoming Domain Admin nearly instantaneously. Here's how to prevent this attack: 🧵
  • For the past couple years I've been using diagrams like these, trying to simply explain complicated things. Today I'm releasing all of these under Creative Commons BY 4.0. You are free to use, adapt, and modify these for any purpose under CC BY 4.0: bit.ly/3BE4zbj
  • If your entire enterprise security model crumbles because a user fell for a phish, that's not the user's fault.
  • There has never been a better time than right now to get involved with Azure security research. Not convinced yet? Let's compare where we are with Azure versus where we are with on-prem AD: 🧵
  • I'm proud to announce the release of #BloodHound 4.0: The Azure Update! Blog: posts.specterops.io/introducing-bl… BloodHound 4.0 Release Poster: redbubble.com/i/metal-print/… Get BloodHound: bit.ly/GetBloodHound Docs: bloodhound.readthedocs.io/en/latest/ Join the BloodHound Slack: bit.ly/BloodHoundSlack
  • Pivoting from Azure back down to on-prem AD opens up some very exciting attack path possibilities. In this post, I explain what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems posts.specterops.io/death-from-abo…
  • From initial access to Global Admin with #BloodHound and BARK. In this thread let's walk, step by step, through an example attack path based on real configurations we've seen in real environments:
  • 1/n - Here's how #BloodHound can help you determine whether you are vulnerable to PrivExchange by @_dirkjan: Find the domain head object in the BloodHound GUI, click the number next to "First Degree Controllers". See whether an Exchange security group is present:
  • #BloodHound 3.0 is here! BloodHound: bit.ly/GetBloodHound Blog: bit.ly/3bu3chl Webinar deck: bit.ly/3837gTx Webinar recording coming soon #BloodHound 3.0 shirt: (all profits go to @MDAorg) customink.com/fundraising/th…
  • Just when you thought you'd seen it all.
  • #BloodHound 1.5 enables easy GPO enforcement analysis. Here's my write-up on how red teams can take advantage of this on their tests:
  • Question: How do I abuse a relationship that #BloodHound is showing me? Answer: Right click the edge and click "Help" for lots of useful info including abuse instructions, opsec considerations, and references.