SpecterOps
specterops.io
@specterops.io
Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
In today’s installment of #BloodHoundBasics from Carlo Alcantara: Easily manage your custom cypher queries.

Support for importing and exporting cypher queries was added recently in BloodHound v8.2.0 — now with drag and drop!
November 21, 2025 at 10:26 PM
AI tooling and MCP servers are entering enterprises fast, often faster than security teams can assess the risks.

During a recent engagement, @xpnsec.com found a new Claude Code vuln (CVE-2025-64755) while exploring MCP abuse paths.

👀 Read the details: ghst.ly/49ybl4W
An Evening with Claude (Code) - SpecterOps
This blog post explores a bug (CVE-2025-64755) I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.
November 21, 2025 at 4:34 PM
Identity is the new battleground.

Jared Atkinson talks with CyberWire Daily about how attackers chain misconfigurations and identity relationships to reach critical assets, and how Attack Path Management stops them.

🎧: ghst.ly/4oXlfly
November 19, 2025 at 9:20 PM
SCCM’s AdminService uses Entra tokens without confirming the UPN exists in AD. A crafted synced UPN can let an attacker impersonate the site server. Microsoft now requires on-prem SID matching (CVE-2025-59501).

Great deep dive by @unsignedsh0rt.bsky.social! ghst.ly/43wTzLx
SCCM Hierarchy Takeover via Entra Integration…Because of the Implication - SpecterOps
TL;DR SCCM sites (prior to KB35360093) integrated with Entra ID can be abused to compromise the entire hierarchy.
November 19, 2025 at 6:35 PM
Have questions about submitting to the #SOCON2026 CFP? We’ve got answers.

The CFP closes soon — submit your proposal by Nov 15 to participate in the only conference dedicated to advancing Attack Path Management.

📝 Submit: ghst.ly/socon26-cfp
November 12, 2025 at 8:36 PM
In today's #BloodHoundBasics, @sadprocessor.bsky.social highlights a powerful new feature you might’ve missed: Cypher Selectors for Privilege Zones.

Why powerful? Unlike classic objectid selectors, Cypher selectors use complex conditions & can be created before the node exists.

🧵: 1/3
November 7, 2025 at 7:34 PM
Attackers don’t exploit tools—they exploit identities. Learn how to defend where it matters. Join operators and defenders for one of our hands-on training courses at #SOCON2026.

In-person attendees also receive a free conference pass. Save your spot ➡️ ghst.ly/socon-2026
November 6, 2025 at 8:32 PM
That feeling when your PowerShell syntax error almost deletes Global Admin. 🫠

Forrest Kasler shares a cautionary tale on why you should always read the docs when you are about to issue a “DELETE” operation on any resource in your client’s infrastructure. ghst.ly/3X2bTZ4
Epic Pentest Fail - SpecterOps
How to Wreck Entra with a Single Mistyped Character... And How to Fix it
October 30, 2025 at 8:25 PM
See your network shares the way attackers do. 👀

Meet ShareHound, an OpenGraph collector for BloodHound CE & Enterprise that reveals share-level attack paths at scale.
@podalirius.bsky.social unpacks all the details in our latest blog post. ghst.ly/4ogiBqt
ShareHound: An OpenGraph Collector for Network Shares - SpecterOps
ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise helping identify attack paths to network shares automatically.
October 30, 2025 at 5:34 PM
NTLM relay research is evolving!

Join Nick Powers & @tw1sm.bsky.social TOMORROW as they share new methods to enumerate EPA enforcement across MSSQL, HTTP, & more—and intro RelayInformer, expanding attacker-perspective coverage for key protocols.

Grab your spot → ghst.ly/oct-web-bsky
October 29, 2025 at 10:25 PM
From simple model to powerful platform. 💪

Elad Shamir discusses BloodHound OpenGraph's journey, the challenges of modeling adversary tradecraft, and the Clean Source Principle w/ Jared Atkinson and Justin Kohler in the latest #KnowYourAdversary.

🎧: ghst.ly/4ommfPu
October 29, 2025 at 6:14 PM
It's another #BloodHoundBasics day with Stephen Hinck!

Go back ⬅️, forward ➡️, & share your BloodHound view 👀. Earlier this year, we added Back button support directly through your browser. You can also copy your current URL & share it with a teammate so they see what you see.
October 24, 2025 at 6:27 PM
Credential Guard was supposed to end credential dumping. It didn't.

Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

Read for more: ghst.ly/4qtl2rm
Catching Credential Guard Off Guard - SpecterOps
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
October 23, 2025 at 5:45 PM
Introducing PingOneHound, a BloodHound extension to map and remediate attack paths in PingOne.

@andyrobbins.bsky.social dives in to the architecture and mechanics in our latest blog post. Learn more & get started today. ghst.ly/3WLqlVd
PingOne Attack Paths - SpecterOps
You can use PingOneHound in conjunction with BloodHound Community Edition to discover, analyze, execute, and remediate identity-based attack paths in PingOne instances.
October 20, 2025 at 7:19 PM
Patching one technique doesn't close the entire attack vector.

dMSA abuse is still a problem, and @logangoins.bsky.social just dropped a reality check with new tooling to prove it.

Learn more about the issue & the new BadTakeover BOF. ghst.ly/42POg9L
The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique - SpecterOps
After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog from Yuval, briefly mentioning to the community that attackers can still abu...
October 20, 2025 at 4:54 PM
For today’s #BloodHoundBasics from Carlo Alcantara, we explore how easy it is to use OpenGraph to enrich our existing Active Directory data in BloodHound. In this example, we will add a new attribute to AD objects that have a fine-grained password policy applied to them.

🧵 1/5
October 17, 2025 at 6:08 PM
Reposted by SpecterOps
@reconmtl.bsky.social has uploaded the majority of the 2025 talks, including my talk on LSA. You can check it out at the below link if you'd like.

Thank you again to the organizers and everyone else who helps put on the conference. I look forward to coming back!
youtu.be/G2CfMWXLU1U?...
Recon 2025 - The Finer Details of LSA Credential Recovery
YouTube video by Recon Conference
October 16, 2025 at 3:34 PM
Think you understand how LLMs work? You might be surprised. 😳

In his latest blog post, @blaisebrignac.bsky.social explains the history, challenges, and attack primitives that make securing AI systems such an extreme challenge.

Read more: ghst.ly/497pxl0
A Gentle Crash Course to LLMs - SpecterOps
This is a crash course on the evolution of Machine Learning and modern AI, Large Language Models, and the security implications that come with them.
October 16, 2025 at 8:22 PM
Microsoft introduced nested application auth (NAA) in 2024. Researchers spotted FOCI similarities & dubbed it brokered client IDs (BroCI).

@1cemoon.bsky.social documents NAA flows and BroCI—filling a gap for research on Microsoft identity protocols. ghst.ly/3Jdhp7Z
NAA or BroCI...? Let Me Explain - SpecterOps
This writeup is a summary of knowledge and resources for nested application authentication (NAA) and brokered client IDs (BroCI)
October 15, 2025 at 6:24 PM
Celebrating #BloodHoundBasics day w/ Nathan Davis!

DYK: Risk calculation in BHE findings can be based on different values—some use Exposure (inbound control), others Impact (outbound). Hover over a finding in the Attack Paths page to see which applies.
October 10, 2025 at 6:28 PM
The CFP for #SOCON2026 is OPEN! 🙌

Have you been working on something interesting in Attack Path Management or identity-first defense? Join us in Arlington, VA (April 13–14) and share your work with the community.

Submit your talk by Nov. 15 → ghst.ly/socon26-cfp
October 9, 2025 at 5:40 PM
Your strongest platform is only as secure as its weakest dependency. And you probably don't know what those are.

Jared Atkinson dives into the Clean Source Principle, hidden trust relationships, & why BloodHound OpenGraph changes the game. ghst.ly/4pYTtFU
The Clean Source Principle and the Future of Identity Security - SpecterOps
TL;DR Modern identity systems are deeply interconnected, and every weak dependency creates an attack path — no matter how strong any single platform appears. The Clean Source Principle and BloodHound ...
October 8, 2025 at 9:40 PM
It's another #BloodHoundBasics day with @andyrobbins.bsky.social!

Today we are highlighting the ReadGMSAPassword edge.

A GMSA is an Active Directory object. GMSA stands for Group-Managed Service Account - a great solution from Microsoft that we recommend organizations use!

🧵: 1/3
October 3, 2025 at 8:42 PM
Red teams slip past detection. Defenders adapt. The cycle continues. 🔄

John Wotton's latest on AI gated loaders shows how offensive operators are using LLMs to make shellcode execution context-aware, executing only when OPSEC policies are met. ghst.ly/4nvxsgh
AI Gated Loader: Teaching Code to Decide Before It Acts - SpecterOps
My eyes and ears when I cannot be there, AI gated loaders inspect the victim machine and wait for the right moment to execute.
October 3, 2025 at 5:34 PM
The only conference dedicated to Attack Path Management is back!

3 tracks. Real-world case studies. Hands-on BloodHound Quest lab. Join us at #SOCON2026 and advance your identity-first security strategy.

🎟️ Save 25% with early bird: specterops.io/so-con
October 1, 2025 at 5:31 PM