SpecterOps Blog Filters Search Blog RESEARCH & TRADECRAFT ghostsurf: From NTLM Relay to Browser Session Hijacking TL;DR: ntlmrelayx‘s SOCKS proxy works great for SMB and MSSQL but fails when you try to browse a web application… By: Allen DeMoura 17 mins SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 1 of 7 RESEARCH & TRADECRAFT Ludus SCCM Lab Expansion TL;DR : While writing ConfigManBearPig, a PowerShell script that enables collection of SCCM-related attack paths for visualization in BloodHound, I… By: Chris Thompson 6 mins BLOODHOUND Expanding Attack Path Management to macOS Environments Introduction Attack path management has historically focused on identity systems like Active Directory and Entra ID. That focus made sense.… By: Jared Atkinson 11 mins SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 2 of 7 RESEARCH & TRADECRAFT JamfHound v1.1 Update: SSO Attack Paths and Okta Additions TL;DR : New SSO Attack Paths and Okta Edges in JamfHound: Updates have been added to the JamfHound OpenGraph collector… By: Lance B. Cain 10 mins RESEARCH & TRADECRAFT Leveling Up Secure Code Reviews with Claude Code TL;DR: Claude Code is a force multiplier when performing secure code reviews during an assessment. In this post, we discuss… By: Andrew Luke 18 mins SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 3 of 7 RESEARCH & TRADECRAFT Attack Paths Don’t Stop at Identity Providers Modeling Okta in BloodHound Enterprise to uncover cross-platform identity risk Introduction Identity is no longer confined to a single system.… By: Jared Atkinson 10 mins RESEARCH & TRADECRAFT RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths TL;DR: Trusted vendor documentation across 16 major technology companies were actively guiding administrators to deploy critical misconfigurations (often Active Directory… By: Martin Sohn Christensen 55 mins SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 4 of 7 BLOODHOUND Discovering Unexpected Okta Attack Paths with BloodHound TL;DR: OktaHound is a new data collector for the Okta Platform that ingests information about entities and their relationships within… By: Michael Grafnetter 15 mins SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 5 of 7 Page 1 / 56 BLOODHOUND Graph the Planet: Shai-Hulud 2.0 TL;DR: This blog looks at the Shai-Hulud 2.0 worm through an Attack Path Management lens. I also introduce NPMHound which… By: JD Crandell 7 mins Email: Submit Platform BloodHound Enterprise BloodHound Community Edition Services and Tradecraft Offensive Services TRAINING Red Team Operations Identity-Driven Offensive Tradecraft Detection Tradecraft Analysis Active Directory Azure Solutions SOLUTIONS INDUSTRIES Sign up for the latest updates Email* Submit By clicking Sign Up you're confirming that you agree with our Terms and Conditions. SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 6 of 7 Privileged Access Governance and Compliance Eliminate Lateral Movement Manage Identity Risk Secure Scaling Mergers & Acquisitions Public Sector Healthcare Financial Services PARTNERS & INTEGRATIONS Partners Integrations Resources Research Blog Events Podcasts Open Source Tools Company Why SpecterOps News Careers Contact Copyright 2026 Specter Ops, Inc. All Rights Reserved. Terms of Service | Privacy Policy | Security | Trust Center | Premera Transparency Files SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e Page 7 of 7