This bit of sql server hackery by Adam Chester 🏴‍☠️ is worth the read for pentesters and red teamers: posts.specterops.io/the-sql-server…

4. Open Source PandasAI is available for everyone, 100% open-source. You can get PandasAI on GitHub here: github.com/sinaptik-ai/pa…

New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…

I have just released my first tool : GPOHound 🚀 GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis. 🔗Check it out here: github.com/cogiceo/GPOHou…

And another AMSI bypass with a different DLL/patch 👌 medium.com/@andreabocchet…

Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥 r-tec.net/r-tec-blog-win…

My talk from #socon2025 is up, get your “urm” counter ready! youtu.be/RiOtfPM7i3U?si…

HijackLibs.net details hundreds of publicly disclosed DLL Hijacking opportunities. With over 700 stars on GitHub and a growing list, Wietze does an amazing job maintaining it. Despite this contributing can be time consuming. That's why I've created HijackLibs Helper!👇

I'm doing a talk at BSidesLV on this, but I'm dropping the research early, discovered this in 2022, and releasing now for awareness, how to decrypt F5 Service Account Passwords Standalone tool github.com/evilmog/F5-Dec…

Top 7 most important statistical analysis concepts that have helped me as a Data Scientist. This is a complete 7-step beginner ROADMAP for learning stats for data science. Let's go:

Deception isn’t fluff… it’s friction. And friction slows attackers down, gives defenders an edge, and buys you time. The whole point is to make them second guess their actions, make them have to perform more actions and hopefully increase the chances of detection

One Tool To Rule Them All AMSI, CLM and ETW – defeated* with one Microsoft signed tool by someone called Ian shells.systems/one-tool-to-ru…

Thank you so much to /ˈziːf-kɒn/ and its organizers for an awesome experience! Lee Chagolla-Christensen and I had a blast talking about the new Nemesis 2.0 rewrite (code live at github.com/SpecterOps/Nem… !) and hope to be back next year #x33fcon

Tokenizing has dropped in Rigging. Train models in-line with LLM interactions, tools calls, and metrics. 👀 github.com/dreadnode/rigg…

Super interesting blog on how to automate some MS-RPC research 🧐 incendium.rocks/posts/Automati…

I publish two blog posts today! 📝🐫  The first dives into how we're improving the way BloodHound models attack paths through AD trusts: specterops.io/blog/2025/06/2…  The second covers an attack technique I came across while exploring AD trust abuse: specterops.io/blog/2025/06/2…

Including nice tool release 🔥 github.com/temp43487580/E…

Happy Friday! Lee Chagolla-Christensen and I are happy to announce that we have cut the release for Nemesis 2.0.0 - check out the CHANGELOG for a (brief) summary of changes, and dive into our new docs for more detail! We're extremely proud and excited for this release github.com/SpecterOps/Nem…

NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component. 👉 Read the full technical breakdown: ow.ly/GbT150WmgRg #proactivesecurity #VulnerabilityResearch

Get to know what's new w/ SCCMHunter. Join Garrett's #BHUSA Arsenal session on the post-exploitation tool & learn about the updates, including site system profiling, extended admin modules, & credential relaying capabilities. ghst.ly/3GkhpBV