Andy Robbins in Posts By SpecterOps Team Members | Browserless Entra Device Code Flow | Did you know that it is possible to perform every step in Entra’s OAuth 2.0 Device Code flow — including the user authentication steps —… | Mar 6
Andy Robbins in Posts By SpecterOps Team Members | The Most Dangerous Entra Role You’ve (Probably) Never Heard Of | Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin, but this role is hidden from view in… | Feb 16
Andy Robbins in Posts By SpecterOps Team Members | Directory.ReadWrite.All Is Not As Powerful As You Might Think | Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the… | Feb 12
Andy Robbins in Posts By SpecterOps Team Members | Microsoft Breach — What Happened? What Should Azure Admins Do? | On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands of “Midnight Blizzard”. In this blog… | Feb 24
Andy Robbins in Posts By SpecterOps Team Members | BloodHound Community Edition: A New Era | I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! | Aug 8, 2023
Andy Robbins in Posts By SpecterOps Team Members | From DA to EA with ESC5 | There’s a new, practical way to escalate from Domain Admin to Enterprise Admin. | May 16, 2023
Andy Robbins in Posts By SpecterOps Team Members | Introducing BloodHound 4.3 — Get Global Admin More Often | Discover new attack paths traversing Microsoft Graph and seven new Azure Resource Manager objects. | Apr 18, 2023
Andy Robbins in Posts By SpecterOps Team Members | Abusing Azure App Service Managed Identity Assignments | Intro | Feb 15, 2023
Andy Robbins in Posts By SpecterOps Team Members | Passwordless Persistence and Privilege Escalation in Azure | Adversaries are always looking for stealthy means of maintaining long-term and stealthy persistence and privilege in a target environment… | Dec 21, 2022
Andy Robbins in Posts By SpecterOps Team Members | Automating Azure Abuse Research — Part 2 | In Part 1 of this series, we looked at how to port functionality from the Azure GUI to PowerShell. Specifically, we looked at how to… | Aug 31, 2022