Published inSnowflake Builders Blog: Data Engineers, App Developers, AI/ML, & Data ScienceMacOS CI/CD with TartHow Snowflake’s Red Team uses Tart and AWS EC2 for macOS CI/CD and developmentFeb 14Feb 14
Debugging Cookie Dumping Failures with Chromium’s Remote DebuggerChromium updated and broke our ability to dump cookies using the remote debugger?Jul 16, 20231Jul 16, 20231
Understanding and Defending Against Reflective Code Loading on macOSThis blogpost will describe the concept of loading executables in-memory on macOS and how to detect it.Apr 12, 20221Apr 12, 20221
Extended Attributes and TCC on macOSThis blogpost will describe how Transparency, Consent, and Control (TCC) affects extended attributes on macOSMar 8, 2022Mar 8, 2022
Where in the World is Carmen Sandiego: Abusing Location Services on macOSA dive into macOS, TCC, and Location ServicesDec 1, 20212Dec 1, 20212
Published inPosts By SpecterOps Team MembersHands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger PortA dive into stealing Chromium cookies with a remote debugger portDec 17, 20201Dec 17, 20201
Published inPosts By SpecterOps Team MembersAutomating DLL Hijack DiscoveryA dive into Windows DLLs, DLL hijacking, automation, WinAPI, and finding the root cause of shared DLL hijacks.Jun 30, 20202Jun 30, 20202
Published inPosts By SpecterOps Team MembersUnderstanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exeA dive into Windows processes, access tokens, SACLs, WinAPI and access token manipulation.Oct 1, 2019Oct 1, 2019
Published inPosts By SpecterOps Team MembersRevisiting TTPs: TimeStomperIn this post, I will cover how to manipulate file times on the Windows OS with a proof-of-concept tool and show examples of detection.Apr 16, 2019Apr 16, 2019