Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
Joined January 2017
- Tweets 3,943
- Following 402
- Followers 40,994
- Likes 2,288
1,744 Photos and videos
Jun 12
ICYMI: @0xr0BIT joined #KnowYourAdversary for a discussion on how scheduled tasks store creds, why they frequently appear during security assessments, & how TaskHound helps operators & defenders visualize these relationships directly within BloodHound.
👀 ghst.ly/4x4qGmU
3
7
1,702
Jun 12
Happy #BloodHoundBasics Friday from @Jonas_B_K! 🎉
Did you know BloodHound now shows Eligible Roles in the Entity Panel?
For Azure users and groups, you can quickly see who can activate privileged roles or approve role activation requests.
3
16
1,646
Jun 11
Want to better defend Azure and Entra ID environments? Start by understanding the adversary's perspective.
At #BHUSA, our Azure training uses hands-on labs to teach the attack paths, misconfigs, and techniques used against modern cloud environments.
➡️ ghst.ly/4uii3Ua
1
4
1,088
Jun 11
Scale indirect prompt-injection testing w/ Codex-driven automation by turning payload development into a generate-inject-test-analyze-repeat loop. Antero Guy used it to explore indirect prompt-injection behavior against a custom Claude Sonnet 4.5/4.6 agent ghst.ly/4us3EnJ
1
5
26
1,882
Jun 11
Why do MFA and SSO stop mattering once someone has access to your machine?
@JustinKohler10 dives into it with @CloudSecPod ⤵️
MFA and SSO were built to prove who you are at login.
They were never built to protect what happens after.
Attackers don't need your password. They abuse the post-authentication material, the cookie, the token and operate as you.
@SpecterOps
3
1,648
Jun 10
MSSQL has always been a favorite target. Now it ships its own egress channel.
@gershsec's latest research breaks down how SQL Server 2025's native AI features enable exfil, NTLM coercion, and C2 transport, all functioning as intended.
Read more 👇 ghst.ly/4e2L3JX
65
223
16,350
Jun 10
Most prompt engineering still boils down to vibes.
@_xpn_ explores GEPA, a framework for optimizing prompts using eval results, execution traces, & iterative refinement.
Read this practical look at bringing measurable engineering practices to AI agents. ghst.ly/4vGffAp
2
9
31
2,853
Jun 10
This work is published as part of GhostWorks, an AI-focused engineering and research initiative at SpecterOps, focused on the disciplined exploration of frontier AI-enabled cybersecurity tooling. Read more ⤵️ ghst.ly/4otZ1rJ
2
6
836
Jun 9
Join our Tradecraft Analysis training at #BHUSA!
The course digs into how Windows attack techniques work under the hood, how to identify telemetry sources & detection choke points, & develop robust detection coverage & informed evasion strategies.
➡️ ghst.ly/43eLw5s
1
5
1,118
Jun 9
U2U powers UnPAC-the-Hash and chains into Shadow Credentials and ADCS ESC attacks, but most resources skip the “how.”
@GrayHatKiller breaks down Kerberos U2U auth from the RFC to Windows’ divergences—and why modern attacks rely on it.
ghst.ly/4egy4TT
21
38
2,489
Jun 8
AzureHound now has least-privilege permission documentation @martinsohndk shows the internal research that made it.
TL;DR of changes:
Directory.Read.All → 8 MS Graph permissions
Reader role → 16 ARM actions
Directory Readers → not required
ghst.ly/4vzI8yk
3
8
2,417
Jun 5
If you had FOMO during #SOCON2026 or you want to run back your favorite talk, the talk playlist is now available!
👀 Watch all currently available sessions: ghst.ly/SOCON26YT
📊: Access the presentation slides: ghst.ly/4xivvt9
5
12
2,504
Jun 5
Happy #BloodHoundBasics Day! This week, @martinsohndk walks through:
queries.specterops.io helps you find & run the queries you need. Caught up on the latest features?
- Multi-source loading
- Multi-server management
- Favorites
- Cypher cheat sheet
Quick glance in 🧵
1/6
ALT The BloodHound Query Library homepage showing the updated interface.
1
5
24
2,147
Jun 5
❤️ Favorite queries!
Log in, heart the queries you use most, sort for Most Favorites, and use Show Favorites to filter your list. For now, this applies to the BloodHound Query Library source.
5/6
1
2
1
587
Jun 5
📃 The update also added a one-page Cypher cheat sheet for quick lookups, plus a bundle of new queries that increase mapping coverage to security assessment tools.
Check it out: queries.specterops.io/
6/6
ALT The BloodHound Query Library Cypher Cheat Sheet page showing examples and reference sections for BloodHound Cypher syntax.
1
1
582
Jun 5
And the winner is... 🥁 foobar!
At the close of #InfoSecEurope, foobar was crowned the #BloodHoundUnleashed Attack Path Champion! 👑
Thank you to all of our competitors for your enthusiasm and participation throughout the challenge. We will see you for the next one...
6
804
SpecterOps retweeted
Most teams think they have a few attack paths. The real number can run into the billions.
Mark Wilson & Kay Daskalakis from the team behind Bloodhound @SpecterOps spoke to @hashishrajan about identity, agentic AI on old infrastructure, and why speed changes but context doesn't
1
3
762