Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te
( 5
min )
Here is an overview of content I published in December: Blog posts: Quickpost: USB Electric Razor Quickpost: USB-C Rechargeable Batteries USB Trigger Boards Update: pecheck.py Version 0.7.19 Using a USB-C Trigger Cable To Power An FM Radio SANS ISC Diary entries: Wireshark 4.6.2 Released DLLs & TLS Callbacks
( 11
min )
Introduction
I suppose most of you have watched Tom Hanks’ masterpiece “The Terminal”, the movie about a man inspired by Mehran Karimi Nasseri, an Iranian refugee who lived in Charles de Gaulle Airport in Paris from 1988 to 2006—almost 18 years.
Tom Hanks plays the
( 6
min )
TL;DR Introduction I first encountered the chatbot as a normal Eurostar customer while planning a trip. When it opened, it clearly told me that “the answers in this chatbot are generated by AI”, which is good disclosure but immediately raised my curiosity about how it worked and what its limits were. Eurostar publishes a […]
The post Eurostar AI vulnerability: when a chatbot goes off the rails appeared first on Pen Test Partners.
( 15
min )
The Dutch government is telling people to prepare to be self-sufficient for at least 72 hours in case of a major emergency when many services (electricity, water, internet) could be unavailable. This campaign is called “Denk Vooruit” (Think Ahead). An emergency booklet has been mailed to all inhabitants. The Belgian authorities are voicing similar concerns, […]
( 13
min )
In the previous part we discussed how Impacket dcomexec works, the problems it has with newer Windows versions, how to fix them, and even how to bypass Defender. I also said I would cover a new DCOM object that can be used for lateral movement.
Today I present a new
( 6
min )
Introduction In many penetration testing assessments, it is common to encounter applications that support multiple user roles, such as admin, normal user, approver, and others. Consequently, testers are often provided with accounts and credentials for various roles during a grey-box assessment. During a penetration test, the focus is often on identifying technical vulnerabilities such as … Continue reading Integrating Abuse Case Scenarios to Improve Authorization Testing →
( 19
min )
MITRE’s AADAPT framework exposes how attackers target digital-asset systems but the real value comes from testing those threats. Learn how red teaming turns AADAPT into evidence-driven detection, stronger controls, and measurable protection against economic loss.
( 9
min )
Adversaries utilizing popular messaging apps throughout different attack phases is nothing new. Telegram, in particular, has constantly been the subject of abuse by multiple threat actors, favoured for its anonymity, accessibility, resilience, and operational advantages. In this blog, we explore popular Telegram Bot APIs, recent campaigns involving Telegram abuse, and provide detection and hunting opportunities.
( 13
min )
LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.
( 30
min )
In 2025, we set out with a simple mission: take Burp Suite on the road and meet the global AppSec community where you are. Burp On Tour was born from our desire to learn from you; the brilliant people
( 5
min )
TL;DR The cookie crumbled when it expired, but the attack path didn’t. Learn how BloodHound graph analysis and Azure Seamless SSO enabled pivoting into the cloud. There’s nothing worse than stealing some cookies, just to find out they’ve gone bad and expired. However, that doesn’t mean lateral movement into the cloud is off the table. […]
The post Azure Seamless SSO: When Cookie Theft Doesn’t Cut It appeared first on SpecterOps.
( 18
min )
AppSec teams are under constant pressure to secure fast-moving applications without slowing anything down. But scanning windows, fragile authentication, and sprawling API estates often get in the way
( 4
min )
A Security Operations Center (SOC) watches an organization’s IT systems for cyber threats 24/7. It quickly finds and fixes security problems and uses Security Information and Event Management (SIEM) tools to collect and analyze alerts and logs. SIEMs depend on log Collectors servers, which gather data from many sources and send it to the SIEM. … Continue reading Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions – Part 1 →
( 11
min )
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025).
Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish.
This
( 17
min )
TL;DR: We found that SCOM RunAs credentials could be obtained on-host and also off-host in certain configurations and wrote a tool to help automate their recovery. To skip straight to the tool, go here https://github.com/breakfix/SharpSCOM Introduction In our previous blog post, we demonstrated a series of attacks focused on attacking the SCOM server directly. Specifically, […]
The post SCOMmand And Conquer – Attacking System Center Operations Manager (Part 2) appeared first on SpecterOps.
( 41
min )
TL:DR SCOM suffers from similar insecure default configurations as its SCCM counterpart, enabling attackers to escalate privileges, harvest credentials, and ultimately compromise the entire management group and its monitored infrastructure. Intro At this point, I think it’s acceptable for me to just start each blog with a screenshot of Duane triggering me to look into […]
The post SCOMmand and Conquer – Attacking System Center Operations Manager (Part 1) appeared first on SpecterOps.
( 24
min )
Read how two Cisco Network Academy Cup winners went from students to operators behind Salt Typhoon, a global cyber espionage campaign targeting telecoms.
( 27
min )
TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi
( 12
min )
TL;DR This blog demonstrates how to operationalize BloodHound Enterprise by using Tines to quickly assess the blast radius of potentially compromised accounts. It describes manual workflows as well as automation by leveraging our new Tines integration, We also provide a ready-to-use story in the Tines Library that automate manual investigation steps and generate AI-powered risk […]
The post Operationalizing BloodHound Enterprise: Security automation with Tines appeared first on SpecterOps.
( 16
min )
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
( 10
min )
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
( 10
min )
No content preview
( 7
min )
In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.
( 6
min )
No content preview
( 4
min )
What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.
( 5
min )
What are Hackbots and how are they impacting vulnerability discovery and the researcher community?
( 6
min )
The new DORA regulation: everything your organization needs to know about its impact and how to comply.
( 5
min )
The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […]
The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.
( 7
min )
Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […]
The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.
( 11
min )
The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […]
The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.
( 7
min )
One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […]
The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.
( 7
min )
