Chris Thompson – Medium

Home

Library

Stories

Stats

Chris Thompson

Published in
Posts By SpecterOps Team Members

Maestro

Abusing Intune for Lateral Movement Over C2

Oct 31, 2024

Maestro

Oct 31, 2024

Published in
Posts By SpecterOps Team Members

Rooting out Risky SCCM Configs with Misconfiguration Manager

tl;dr: I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager.

Apr 11, 2024

Rooting out Risky SCCM Configs with Misconfiguration Manager

Apr 11, 2024

Published in
Posts By SpecterOps Team Members

SCCM Hierarchy Takeover

One Site to Rule Them All

Sep 25, 2023

SCCM Hierarchy Takeover

Sep 25, 2023

Published in
Posts By SpecterOps Team Members

SCCM Site Takeover via Automatic Client Push Installation

tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation.

Jan 12, 2023

SCCM Site Takeover via Automatic Client Push Installation

Jan 12, 2023

Published in
Posts By SpecterOps Team Members

Relaying NTLM Authentication from SCCM Clients

tl;dr: Seriously, please disable NTLM

Jun 30, 2022

Relaying NTLM Authentication from SCCM Clients

Jun 30, 2022

Published in
Posts By SpecterOps Team Members

Coercing NTLM Authentication from SCCM

tl;dr: Disable NTLM for Client Push Installation

Apr 13, 2022

Coercing NTLM Authentication from SCCM

Apr 13, 2022

Chris Thompson

Chris Thompson

Adversary Simulation @SpecterOps

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams