
Emily Leidy
58 posts

@leidy_tector
Adversary Detection @SpecterOps
Seattle, WA · Joined July 2018
132 Following · 349 Followers
Emily Leidy retweeted

Every Entra ID assessment ends here: “How do I get a token without triggering Conditional Access controls?” 🤔
@rbnroot built CAPSlock, an offline ROADrecon-based Conditional Access engine that simulates sign-ins & flags gaps without touching the tenant. ghst.ly/4aKIk64
Emily Leidy retweeted

Think you understand how LLMs work? You might be surprised. 😳
In his latest blog post, @BlaiseBrignac explains the history, challenges, and attack primitives that make securing AI systems such an extreme challenge.
Read more ⤵️ ghst.ly/497pxl0
Emily Leidy retweeted

Certificate-based privilege escalation vulnerabilities are the attack vector enterprises keep overlooking.
Join @leidy_tector at #BSidesNYC on Oct. 18 to learn a structured approach to ADCS remediation using attack path analysis and BloodHound Enterprise. ghst.ly/3J0BxKt

Emily Leidy retweeted

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
Emily Leidy retweeted

Spoiler alert: Your AI safety measures might have a blind spot. 👀
When attackers use conversation context to bypass LLM safeguards, single-prompt evals just don't cut it anymore.
Dive into @AtomicChonk's latest blog on multi-prompt attack detection. ⬇️ ghst.ly/47qJhzn
Emily Leidy retweeted

Cookie theft has evolved. 🍪
Over the last year, stealing cookies on Windows devices has changed significantly for Chromium browsers like Chrome and Edge. Andrew Gomez dives into these changes, how threat actors adapt, & new detection opportunities. ghst.ly/45S1ZgW
Emily Leidy retweeted

The industry recommendation for DPAPI backup key compromise remediation is to destroy and rebuild the environment. @sou_predictable explores why this is the current industry guidance. ghst.ly/40DTLHk
Emily Leidy retweeted

Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from @elad_shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
Emily Leidy retweeted

BIG NEWS: SpecterOps raises $75M Series B to strengthen identity security! Led by @InsightPartners with @AnsaCapital, @M12vc, Ballistic Ventures, @DecibelVC, and @Cisco_Invests. ghst.ly/seriesb
#IdentitySecurity #CyberSecurity
(1/6)

Emily Leidy retweeted

Have you ever wondered why it is so difficult to describe the functionality of an attack tool? Or why it feels awkward to say "I detect mimikatz?" I work through my explanation of this problem in Part 16 of my #OnDetection series.
posts.specterops.io/part-16-tool-d…

Check out the newest Misconfiguration Manager detection updates from @Praga_Prag !
SpecterOps@SpecterOps
The Misconfiguration Manager DETECT section has been updated with fresh guidance to help defensive operators spot the most prolific attack techniques. Check out the blog post from @Praga_Prag to learn more. ⬇️ ghst.ly/3VJ5y4F
Emily Leidy retweeted

We just merged a massive PR from @Praga_Prag into Misconfiguration Manager. It includes updated DETECTs 4-5, new DETECTs 6-9, and RECON-7. Check it out here:
github.com/subat0mik/Misc…

Reach out if you’re interested in joining our amazing team!
SpecterOps@SpecterOps
We’re hiring a mid-to-senior defensive consultant to help mature detection programs, identify silent adversaries, and develop cutting-edge training content. Ready to make an impact? Apply today ▶️ ghst.ly/4fKc7f8
Emily Leidy retweeted

Are you at @SAINTCON this week? So are we! 🙌
Keep an eye out for our team and stop by the booth to chat.

Emily Leidy@leidy_tector
If you’re at @SAINTCON this week, stop by our @SpecterOps booth and say hi!

If you’re at @SAINTCON this week, stop by our @SpecterOps booth and say hi!
Emily Leidy retweeted

Join @Praga_Prag & @synth_nic0 for their @BSidesNYC talk exploring offensive tradecraft for establishing elevated persistence in AD environments. Learn domain persistence techniques & defensive strategies to secure your network from advanced adversaries. bsidesnyc.org

Emily Leidy retweeted

Ghostwriter 💜 Tool Integration! Ghostwriter v3.0.0 features a powerful GraphQL API, making tool integration a breeze. @sou_predictable's latest blog post showcases the API's capabilities using our Operation Log Generator.
Learn more ⤵️ ghst.ly/4dCohWE
Emily Leidy retweeted

I wrote a blog post about some of the intangible benefits of working as a red team operator and adversary simulation consultant at SpecterOps. It's pretty awesome here. And we're hiring!
posts.specterops.io/life-at-specte…
Emily Leidy retweeted

Join our October trainings... if you dare! 🎃 Attend in person to get:
🎥 Movie Night Welcome Reception
🔥 Fireside Tools Chat
👻 Scary cool swag
....and more!
For a limited time get 25% off! Discount applied at check-out: specterops.io/specter-bash/
