Jonas Bülow KnudseninPosts By SpecterOps Team MembersADCS Attack Paths in BloodHound — Part 2In this blog post, we will cover how we have incorporated the Golden Certificates and the ADCS ESC3 abuse technique in BloodHound.11 min read·May 1, 2024----
Jonas Bülow KnudseninPosts By SpecterOps Team MembersPwned by the Mail CarrierHow MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that24 min read·Mar 20, 2024--3--3
Jonas Bülow KnudseninPosts By SpecterOps Team MembersADCS ESC14 Abuse TechniqueThe altSecurityIdentities attribute of Active Directory (AD) computers and users allows you to specify explicit certificate mappings. An…31 min read·Feb 28, 2024--1--1
Jonas Bülow KnudseninPosts By SpecterOps Team MembersADCS ESC13 Abuse TechniqueIt is possible to configure an Active Directory Certificate Services (ADCS) certificate template with an issuance policy having an OID…13 min read·Feb 14, 2024----
Jonas Bülow KnudseninPosts By SpecterOps Team MembersADCS Attack Paths in BloodHound — Part 1Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper, the BloodHound Enterprise team at SpecterOps has…14 min read·Jan 24, 2024----
Jonas Bülow KnudseninPosts By SpecterOps Team MembersWhat is Tier Zero — Part 2Round 2!10 min read·Sep 14, 2023----
Jonas Bülow KnudseninPosts By SpecterOps Team MembersWhat is Tier Zero — Part 1Tier Zero is a crucial group of assets in Active Directory (AD) and Azure. Its purpose is to protect the most critical components by…11 min read·Jun 22, 2023----
Jonas Bülow KnudseninPosts By SpecterOps Team MembersFOSS BloodHound 4.3.1 releaseWe are excited to share the release of BloodHound version 4.3.1. We have accepted a lot of pull requests made by BloodHound users for bug…3 min read·May 23, 2023--1--1
Jonas Bülow KnudseninPosts By SpecterOps Team MembersEstablish security boundaries in your on-prem AD and Azure environmentPreventing escalation from initial access in your Active Directory (AD) environment to Domain Admins can feel impossible, especially after…17 min read·Jun 20, 2022----
Jonas Bülow KnudsenSetup RDP to DC from jumphost/PAW only — with IPSecAlso published on: https://improsec.com/tech-blog/setup-rdp-dc-jumphost-paw-ipsec16 min read·Apr 1, 2020----