🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

How attackers move between AD domains via trusts depends on trust type & config. We're replacing TrustedBy edge in BloodHound with new trust edges for better attack path mapping. Check out Jonas Bülow Knudsen's blog post to learn more. ghst.ly/4lj9C5T

So you've compromised a host that isn’t cloud-joined. Antero Guy breaks down how to request OAuth tokens & enumerate an Entra ID tenant by using an SSO cookie from a non cloud-joined device. Read more ⬇️ ghst.ly/445tQKL

ICYMI: The BloodHound Enterprise team recently pushed out Privilege Zones, one of the most requested features from our community. Irshad Ajmal Ahmed shares a brief overview of how this feature literally expands the capabilities of BloodHound Enterprise. ▶️ ghst.ly/45VdSnX

BloodHound v7.6.0 from SpecterOps is live! This massive release adds Azure PIM Role coverage for all users and introduces our first expansion for Enterprise customers, Privilege Zone Analysis! Full release notes here: bloodhound.specterops.io/resources/rele…

What can you expect next from BloodHound? 👀 Join Justin Kohler & Stephen Hinck (he/him) as they chat with Andy Robbins & Jared Atkinson about some of the exciting new features coming to the platform. Register today! ▶️ ghst.ly/july-web-tw

It’s going to be a brave new world for BloodHound, join us!

SCCM’s Management Points can leak more than you’d expect. Garrett shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU

Looks like BloodHound has picked up the scent of something new :) Join us Thursday to see where the trail leads.

Hmmm, is that an attack path from #Azure to code commit access in #GitHub? Join us Thursday to hear about the future of #BloodHound

BloodHound v8.0 is here! 🎉 This update introduces BloodHound OpenGraph, revolutionizing Identity Attack Path Management by exposing attack paths throughout your entire tech stack, not just AD/Entra ID. Read more from Justin Kohler: ghst.ly/bloodhoundv8 🧵: 1/7

Join us for the BloodHound v8.0 deep dive this Thursday! Justin Kohler, Andy Robbins, Jared Atkinson & Stephen Hinck (he/him) will walk through all the new features & show you how to implement these updates in your environment. Register at ghst.ly/july-web-tw 🧵: 7/7

I cannot begin to explain how excited I am about this release. Justin Kohler did a fantastic job explaining the most important new features in his blog and we plan to explain and demo them in even more depth at our webinar on Thursday. Register here: ghst.ly/july-web-tw

Is that attack paths in #1Password via #BloodHound? Learn more about the future Attack Path Management and BloodHound 8.0 this Thursday: specterops.zoom.us/webinar/regist…

Yesterday, I had the pleasure of sitting down with George V. Hulme to discuss BloodHound 8.0, the new BloodHound OpenGraph feature, and the State of Attack Path Management report. His thoughtful coverage dives deep into the nuances of our work. securityboulevard.com/2025/07/mappin…

I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0!. Let me know what you find with it! - github.com/SpecterOps/MSS… - specterops.io/blog/2025/07/2…

New BH OpenGraph stuff is pretty cool, threw together a super basic PoC to map attack paths through SCCM this afternoon using data pulled from the site DB:

Entra Connect sync accounts can be exploited to hijack device userCertificate properties, enabling device impersonation and conditional access bypass. Daniel Heinsen explores cross-domain compromise tradecraft within the same tenant. Read more ⤵️ ghst.ly/3ISMGN9

BloodHound Queries For All queries.specterops.io