SpecterOps

The #SOCON2026 agenda is live! 🎉 Explore talks, topics, & speakers across the Tradecraft, OpenGraph, & new Practice Track, focused on turning Attack Path Management into an operational discipline. Check out the agenda & plan your experience: ghst.ly/socon26-tw 🧵: 1/4

Have you made your way through the Mythic for Developers video series from @its_a_feature_? Share your feedback on the series so far and help shape future installments ➡️ specterops.typeform.com/MythicDeveloper Need a refresher? View the series here ➡️ ghst.ly/mythic-dev

Don’t miss @Icemoonhsv at #BSidesSD 🔥 Deep dive into NAA, brokered client IDs, and how token flows behave (and break) in Microsoft environments. Learn more: bsidessd.org

Friday = #BloodHoundBasics, this week courtesy for @_wald0! BloodHound is extensible - you can add your own nodes and edges from any source with BloodHound's "OpenGraph". Get started here → ghst.ly/3PmS0f1

Thanks to everyone who stopped by to connect with our team at #RSAC! This week was packed with great conversations, great energy, and valuable insight into today’s security challenges. Let’s keep those conversations going!

Stop asking LLMs to “find vulns.” Start using them to understand code. @Sw4mp_f0x walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes. Check it out: ghst.ly/4rA3uJd

Swag game = 🔥 Grab our Credential Shuffle card game for your own table top fun! We may or may not have t-shirts as well 👀

Good morning #RSAC! ☀️ Our team is back for another day on the expo floor. Stop by booth N-6277 to see BloodHound Enterprise in action and get the answers to your Identity Attack Path Management questions!

Identity moves across systems like AD, Okta, Entra, & GitHub. A compromise in one place can quickly turn into control somewhere else. @jaredcatkinson breaks down how we modeled Okta in BloodHound Enterprise to make those attack paths visible. Learn more: ghst.ly/3PpLKmJ

The origin of critical misconfigurations may be a trusted vendor of yours. @martinsohndk's latest research found official documentation across 16 vendors introducing critical attack paths, often through AD CS misconfigurations. Check it out: ghst.ly/4dEWeIH

“The attack path to breach your environment already exists. You just haven’t seen it yet.” - @JustinKohler10 during his talk at #RSAC. Thank you to everyone who stopped by!

The #RSAC Expo is open! 🙌 Stop by booth N-6277 to see BloodHound Enterprise in action and chat with the Specter team about our latest OpenGraph extensions for GitHub, Okta, and Jamf.

Don't miss @JustinKohler10 at #RSAC today at 10:40AM! Swing by the South Briefing Center Theater & hear how BloodHound now reveals cross-platform identity attack paths beyond traditional directories, exposing the relationships attackers exploit & defenders rarely understand.

The #RSAC opening reception is underway! Stop by booth N-6277 to say hi to the team 👋

In his latest research, @MGrafnetter looks at Okta attack paths, and where they actually show up. Not in Okta itself, but in everything connected to it. With OktaHound you can map that in BloodHound. Check it out! ghst.ly/4dyLThw

BloodHound Enterprise + ServiceNow Vulnerability Response is here. Identity attack path findings demand action. This integration automates vulnerable item creation & mgmt, connecting discovery directly to remediation. Learn more: ghst.ly/47yzgiH See it in action ⤵️

LIMIT statements are optional, but recommended for queries that may return many objects. LIMIT 1000 is the default, but using LIMIT 10 or 100 helps quickly check if your query returns results. 🧵: 5/5

RETURN statements can return any variable declared in the query. In the above example, that includes p (variable representing the whole relationship), a (just the User accounts), or b (just the computers). 🧵: 4/5

Happy #BloodHoundBasics day from @Sec_Distilled! Having trouble getting started w/ Cypher queries? Here's a quick intro to get you going: Start w/ a MATCH statement, use a WHERE clause to refine, & RETURN your data (don't forget a LIMIT statement, just in case). Query in 🧵⤵️