Published in Snowflake Builders Blog: Data Engineers, App Developers, AI/ML, & Data Science
MacOS CI/CD with Tart
How Snowflake’s Red Team uses Tart and AWS EC2 for macOS CI/CD and development
Feb 14, 2024

Debugging Cookie Dumping Failures with Chromium’s Remote Debugger
Chromium updated and broke our ability to dump cookies using the remote debugger?
Jul 16, 2023

Understanding and Defending Against Reflective Code Loading on macOS
This blog post describes the concept of loading executables in memory on macOS and how to detect it.
Apr 12, 2022

Extended Attributes and TCC on macOS
This blog post describes how Transparency, Consent, and Control (TCC) affects extended attributes on macOS.
Mar 8, 2022

Where in the World is Carmen Sandiego: Abusing Location Services on macOS
A dive into macOS, TCC, and Location Services
Dec 1, 2021

Published in Posts By SpecterOps Team Members
Hands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger Port
A dive into stealing Chromium cookies with a remote debugger port
Dec 17, 2020

Published in Posts By SpecterOps Team Members
Automating DLL Hijack Discovery
A dive into Windows DLLs, DLL hijacking, automation, WinAPI, and finding the root cause of shared DLL hijacks.
Jun 30, 2020

Published in Posts By SpecterOps Team Members
Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe
A dive into Windows processes, access tokens, SACLs, WinAPI, and access token manipulation.
Oct 1, 2019

Published in Posts By SpecterOps Team Members
Revisiting TTPs: TimeStomper
In this post, I will cover how to manipulate file times on the Windows OS with a proof-of-concept tool and show examples of detection.
Apr 16, 2019