Rob Winchester

427 posts

@robwinchester3

Vice President @SpecterOps | Former USAF | Problem Solver

Joined January 2011
229 Following, 1.3K Followers
Rob Winchester retweeted
SpecterOps (@SpecterOps)
Good morning from #SOCON2024! Follow along with us here this week and please share your experience using our hashtag. You can also now follow us on Instagram 👉 instagram.com/specterops.io
Rob Winchester retweeted
SpecterOps (@SpecterOps)
We're thrilled to announce BloodHound Community Edition (CE) -- the next evolution of #BloodHound. Scheduled for release on 8/8, BloodHound CE has many new features & enhancements, making it easier for users to deploy, manage, and utilize. Learn more: ghst.ly/458lIGX
Rob Winchester retweeted
SpecterOps (@SpecterOps)
There's still time to register for one of our six courses, including our Adversary Tactics courses! See our full listing of courses here: ghst.ly/blackhat2023
Rob Winchester retweeted
Jared Atkinson (@jaredcatkinson)
I've been writing a bunch of Twitter threads recently & have been asked to codify them into blogposts. Here's one describing how there's more than meets the eye when it comes to API functions. My goal is to build on this post w/ some cool new ideas. posts.specterops.io/understanding-…
Rob Winchester retweeted
Matt Hand (@matterpreter)
In our never-ending hunt for new persistence techniques, @mutantvillian and I spent some time digging into using preview handlers over the past few weeks. Today we're publishing our research along with detection guidance. posts.specterops.io/life-is-pane-p…
Rob Winchester retweeted
Will Schroeder (@harmj0y)
5 months ago @tifkin_ and I started looking into the security of Active Directory Certificate Services. Today we're releasing the results of that research- a blog post posts.specterops.io/certified-pre-… + a 140-page whitepaper and defensive audit tool (links at the top of the post) [1/6]
Rob Winchester retweeted
Andy Robbins (@_wald0)
I'm extremely proud to announce The Attack Path Management Manifesto - our perspective, thoughts, and vision for directly dealing with the problem of Attack Paths: posts.specterops.io/the-attack-pat…
Rob Winchester retweeted
Dwight Hohnstein (@djhohnstein)
Man in the Terminal - Leveraging environment $PATH variables to keylog, hijack SSH sessions, and more. Useful for post-ex activities on shared *nix jumpboxes or developer workstations. Blog: posts.specterops.io/man-in-the-ter…
Rob Winchester retweeted
Joe Vest (@joevest)
I am incredibly excited to announce I will soon join Help Systems as Tech Director for Cobalt Strike. I look forward to starting this new journey and expect great things to come. Please help me share this great news @HelpSystemMN @CoreAdvisories #cobaltstrike #redteam #blueteam
Rob Winchester retweeted
Jonny Johnson (@JonnyJohnson_)
Happy Monday everyone! Today @matterpreter and I are releasing a joint blog where we dive deep into the methodology we used to uncover the technology that atsvc utilizes within scheduled tasks. Hope you enjoy! posts.specterops.io/abstracting-sc…
Rob Winchester (@robwinchester3)
I wrote a blog talking about the "when" of building detections, a concept that doesn't always make it into the detection development process. I discuss considerations of detections past, present, and future. posts.specterops.io/detections-of-…
Rob Winchester (@robwinchester3)
@PyroTek3 You stopped this rabbit hole much earlier than I initially thought
Sean Metcalf (@PyroTek3)
Coding always seems to start with something simple like: "Determine how long ago something happened on a system." Easy. Done. Then... "Wait, that date/time is UTC. I need this converted to my current time zone" "Ok, I got this." Did you account for Daylight Savings Time?
Rob Winchester (@robwinchester3)
This course taught me how much more I had to learn about PowerShell and Windows internals related to it. Definitely recommend you take advantage of this exceptional material. Makes me proud to be part of a company so dedicated to furthering the industry
SpecterOps (@SpecterOps)

Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)

Rob Winchester retweeted
Max Harley (@0xdab0)
Just released Satellite, a payload hosting and proxy software for red team operations. In the blog post, I discuss the feature set of Satellite as well as why an operator would choose it over Apache or Nginx. posts.specterops.io/satellite-a-pa…