SpecterOps

Proud to share that Nessa Lynchehaun has been named to @CRN’s 2026 Women of the Channel list! Nessa has been instrumental in scaling our EMEA partner ecosystem, driving alignment, partner-led wins, and long-term growth. More: ghst.ly/4wasydE

In today’s installment of #BloodHoundBasics, a new feature that makes it easy to update the schema for OpenGraph extensions. Simply enable OpenGraph Extension Management in the Early Access Features page and see the new page for OpenGraph Management. ghst.ly/4sIlsdp

AI and non-human identities are changing identity security. Join @jaredcatkinson & @JustinKohler10 for a webinar on our latest research into Identity APM adoption, challenges, and operational maturity. Save your spot: ghst.ly/3QQDhcJ

ICYMI: @JustinKohler10 joined @thecyberwire to explain a key shift in modern attacks: no exploits required. Instead, attackers chain identities and permissions across systems to escalate access and stay under the radar. 🎧 Listen: explore.thecyberwire.com/specterops

Identity risk is accelerating & orgs are adapting. Our Trends in Identity Attack Path Management Report shows: 🔒 35% fully implemented APM 💵 75% increasing identity security spend 🤖 AI is expanding identity risk Check it out: ghst.ly/3Qv0cKJ

ICYMI 👀 @_Mayyhem & Javier Azofra Ovejero shipped MSSQLHound in Go. Same lab, 17 min → under 17 sec Cross-platform, SOCKS, Kerberos/NT hash auth, + 37 BloodHound edges with pathfinding. If MSSQL isn't in your attack paths yet, it should be. ghst.ly/4cUKgtJ

The rush to adopt AI is creating more connections, more identities, and more potential attack paths. @ne0nd0g joined Risky Business to talk through what that means for red teaming & why the fundamentals matter more than ever. 🎧: risky.biz/SOAPBOX106/

It’s #BloodHoundBasics day w/ @Jonas_B_K! 🐶 DYK BloodHound pathfinding can uncover hybrid attack paths? 🔎 In this example, we trace a path from Domain Users in AD to a GitHub Secret, through Okta. Learn how OpenGraph extensions make this possible: ghst.ly/4dmfACv

If MSSQL isn't in your attack path visibility yet, this is your sign. @Mayyhem just shipped a major MSSQLHound upgrade with Javier Azofra Ovejero (github.com/jazofra): faster, cross-platform, and pathfinding-ready in BloodHound. Check it out! ghst.ly/4cUKgtJ

Have you checked out the Mythic for Developers series by @its_a_feature_? We want your feedback! ✅ Take a few minutes to complete the survey and help shape future videos: ghst.ly/4u1GioV New here? Watch the series: ghst.ly/mythic-dev

MFA & SSO aren’t stopping attackers, they’re working around them. In the latest @CloudSecPod, @JustinKohler10 joined @hashishrajan to discuss how post-auth abuse, hidden attack paths, & “harmless” permissions can lead to full cloud compromise. Listen: ghst.ly/41Q1iD5

There's still time to save your spot for today's webinar with @JustinKohler10 & @jaredcatkinson! Join us for this discussion on what Mythos means for both attackers and defenders, and how orgs can better protect critical assets and infrastructure. 🔜 ghst.ly/47PJs6E

A compromised AI tool became an attack path into enterprise identity. @jaredcatkinson breaks down the lesson from the recent Vercel breach: AI tools are non-human identities w/ delegated access. If compromised, attackers inherit it. Read more ⤵️ ghst.ly/4sSGW7p

Hear from Javier Azofra Ovejero from @SiemensHealth in the latest #KnowYourAdversary! He shares how his team measures & improves security posture at scale, focusing on identity risk & continuous assessment. 🎧: ghst.ly/4vsSRvg

Happy #BloodHoundBasics from @ScoubiMtl! 🎉 DYK: BloodHound now supports Pathfinding for OpenGraph objects? Create a Schema & enable "OpenGraph Extension Management" in "Early Access Features" ghst.ly/4sIlsdp Once enabled, you can U/L your OG Schema & OG Payload.

Back in 2021, "Certified Pre-Owned" by @tifkin_ & @harmj0y aimed to fix this class of issues. But these misconfigs still everywhere? The reason isn’t just technical; it’s abt guidance, incentives, & responsibility. Read up before Martin's talk! ghst.ly/4cOQoDL 🧵: 2/2

At #BSidesPrague next week, @martinsohndk will walk through a large-scale disclosure effort involving vendors recommending AD CS configurations that led to critical risk. ➡️ ghst.ly/4vrocya 🧵: 1/2

NTLMv1 is still out there. And now it’s easier than ever to break. @skylerknecht walks through how Google’s rainbow tables make NT hash recovery practical, no third-party service required. Check it out! ⤵️ ghst.ly/4vqx9Id

At #RSAC2026, @JustinKohler10 spoke to @thecyberwire about why attackers don’t need exploits anymore; they just follow identity paths. From GitHub → CI/CD → AWS, modern breaches chain permissions across systems. 🎧 Listen to the conversation: explore.thecyberwire.com/specterops

Had day one of the Adversary Tactics: Detection (ATD) course yesterday with @SpecterOps. It covered the foundational concepts needed for successful detection engineering and threat hunting programs that detect and find REAL threats