SpecterOps

The #SOCON2026 agenda is live! 🎉 Explore talks, topics, & speakers across the Tradecraft, OpenGraph, & new Practice Track, focused on turning Attack Path Management into an operational discipline. Check out the agenda & plan your experience: ghst.ly/socon26-tw 🧵: 1/4

What if the attack paths you’re missing are outside your core identity stack? 🤔 Join @JustinKohler10 & @jaredcatkinson March 31 to see how BloodHound Enterprise now maps risk across Okta, GitHub, and Mac environments. Save your spot! ghst.ly/4bFEnir

Supply chain attacks propagate through relationships. Shai-Hulud 2.0 proved it. @c0kernel breaks down the worm used in the attack as an attack graph & introduces NPMHound, which can be used to model NPM dependencies in BloodHound. Read for more! ⤵️ ghst.ly/4smZVqE

What do hundreds of incident response engagements reveal? Identity is the battleground. ⚔️ Steve Elovitz from @Unit42_Intel joins #KnowYourAdversary to break down how attacks unfold, from phishing to privilege escalation to SaaS expansion. 🎧: ghst.ly/4uFeMie

GitHub isn’t just a code platform anymore. It’s a security boundary. New from @jaredcatkinson: how GitHub creates real attack paths into repos, secrets, CI/CD, and even cloud environments. Read more: ghst.ly/4cU3QHd

Tune in now! 🎙️ @JustinKohler10 & @_Mayyhem are on with @_JohnHammond talking about BloodHound OpenGraph.

You can also catch @JustinKohler10 this morning on @_JohnHammond’s live stream chatting all things BloodHound OpenGraph. Tune in on John’s channels at 10:30AM ET / 7:30AM PT. 🧵: 3/3

Want to learn more? Find us at Booth N-6277 at #RSAC to chat with the team about BloodHound OpenGraph and these new extensions! 🧵: 2/3

BloodHound Enterprise is expanding. New OpenGraph extensions now uncover identity attack paths across Okta, GitHub, and Jamf-managed macOS—connecting identities, repositories, and endpoints across hybrid environments. ghst.ly/3N7X7yY 🧵: 1/3

Get a jump start and check out @_JohnHammond's stream from today where he explored the functionality of BloodHound OpenGraph! 👀: ghst.ly/4bi2BjW (2/2)

Don't miss this: @JustinKohler10 will join @_JohnHammond live to talk all things BloodHound OpenGraph—what it is, why it matters, and what’s coming next. 🔴 Tune in live TOMORROW at 10:30AM ET / 7:30AM PT! (1/2)

Heading to #RSAC next week? 🧳 Stop by booth N-6277 for live BloodHound demos and see how teams are eliminating identity-based attack paths. Our exec team will also be on-site to chat. Book your meeting ➡️ ghst.ly/3NezMLJ

Here are the instructions for creating a gMSA for your SharpHound collector: ghst.ly/4ur3mhN 🧵: 5/5

Combined w/ other hardening strategies such as the Protected Users group (enforces stricter auth & doesn't store credentials locally), & disabling outbound NTLM (prevents machines from sending NTLM credentials to other systems). This is just good security hygiene. 🧵: 4/5

Happy #BloodHoundBasics day from @psionicjake! Why do we recommend a Group Managed Service Account for SharpHound? Security. When you use a gMSA as a service principal for running SharpHound, Windows manages the p/w for the account. Not an admin. 🧵: 1/5

BloodHound Enterprise + ServiceNow Vulnerability Response is live. Automated attack path imports. Real-time sync. Native remediation workflows. Graphical visualization in Vulnerability Manager Workspace. Track it. Assign it. Fix it. ghst.ly/47yzgiH

Tailscale keys are showing up in CI/CD pipelines during red team engagements. What happens if you compromise one? @Sw4mp_f0x walks through: 🔑 Identifying Tailscale trusted keys 🔗 Joining a Tailnet 🔢 Enumerating nodes, routes, and exit nodes ghst.ly/4dfbD2b

Our Tradecraft Analysis course at #SOCON2026 dives into mapping attack telemetry, dissecting techniques, and developing detections that stand up to real-world threats. In-person attendees also receive a complimentary conference pass. Register today ➡️ ghst.ly/socon26-regtw

AI models are trained to agree with you. What if that’s the vulnerability? @atomicchonk explored Claude’s sycophancy and uncovered signs of a dual-agent architecture, including a stateless secondary instance. Check it out! ⤵️ ghst.ly/4qWu3Ic