Share this page!

Andy Robbins Profile picture
Twitter logo
Mar 18 7 tweets 2 min read
The #BloodHoundEnterprise team's working culture, as explained by Marcus Aurelius, a short thread: 🧵
“The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane.”

We are not afraid of challenging the status quo and doing things radically different than what came before.
“If someone is able to show me that what I think or do is not right, I will happily change, for I seek the truth, by which no one was ever truly harmed. It is the person who continues in his self-deception and ignorance who is harmed.”

Every week we have "Demo/Retro", which...
... gives everyone on the team an opportunity to share what is going well, what went poorly, and to show off cool stuff they are working on.

This means we honestly reflect and intentionally improve every single week.
“Never let the future disturb you. You will meet it, if you have to, with the same weapons of reason which today arm you against the present.”

We have a lot of big challenges ahead of us. But we know we can use and build upon our existing strengths to meet those challenges.
“Never esteem anything as of advantage to you that will make you break your word or lose your self-respect.”

This is particularly relevant to marketing and PR. Yes, we do those things, but we do them in a way that is true to us, not in a way that makes us feel like shills.
Does any of this resonate with you? Consider looking at our current openings: boards.greenhouse.io/specterops/

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Andy Robbins

Andy Robbins Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @_wald0

Andy Robbins Profile picture
Mar 14
This thread is absolutely chock full of real stories about really dangerous configurations.

But instead of seeing and blaming the *people* behind those stories, we should be identifying and understanding the *patterns* in these stories.

Some quick thoughts in this thread: 🧵
There are 3 major reasons I see why we should not be blaming the people behind these dangerous configurations:

First: It doesn't help. Honestly, what evidence do we have that screeching at admins to do "the basics" has created positive outcomes?
Second: Don't forget where you came from. No one is born with all the knowledge needed to avoid these mistakes. What you see as "basic", someone else sees as secret arcane knowledge. A little empathy goes a long way here.
Read 12 tweets
Andy Robbins Profile picture
Feb 25
There has never been a better time than right now to get involved with Azure security research.

Not convinced yet? Let's compare where we are with Azure versus where we are with on-prem AD: 🧵
Active Directory initially came out in December of 1999. Now it's 2022. What's happened between then and now? Image
We actually had pass-the-hash before AD came out, but it wasn't really made practical until @hernano released the PTH Toolkit in 2007, nearly 8 years after AD's release: Image
Read 15 tweets
Andy Robbins Profile picture
Feb 21
In Windows and Active Directory, there is one system responsible for making access decisions in nearly *all* cases: the Security Reference Monitor. This system makes access decisions by analyzing security descriptors on securable objects and User Rights Assignments:
In "Azure", the story is very, very different. There are multiple forms of access control, and multiple services responsible for making access decisions.

"Azure" means the 600+ distinct services that comprise Microsoft's cloud computing platform.
Understanding who has control of any given object in any given Azure service requires a complete understanding of *all* of these systems and how they cooperate with one another.
Read 4 tweets
Andy Robbins Profile picture
Feb 15
New abuse primitives that take advantage of legitimate administrative protocols and features are wildly exciting. Why? Because no object is an island. Everything is interconnected, and that interconnectedness can have enormous impact. Thread: 🧵
You may or may not be familiar with the childrens' book, "If You Give a Mouse a Cookie:" Image
It's a classic children's moral illustrating the slippery slope idea:

If you give a mouse a cookie, it will ask for a glass of milk.
But it's too hard to drink the milk, so now the mouse wants a straw.
The mouse is worried it has a milk mustache, so now it wants a mirror.

etc
Read 12 tweets
Andy Robbins Profile picture
Jan 20
In the upcoming #BloodHound 4.1 release, we are introducing 3 new edges. Let me explain why this is actually more impactful than it may sound: 🧵
Let's say you have a basic graph with 3 nodes all connected to each other (this is called a Strongly Connected Graph). We'll call these nodes 1, 2 and 3:
How many possible paths are there? We can determine that by searching through non-cyclic trees originating from each node. For example, if we start at 1, we can visit 2 then 3, or 3 then 2:
Read 19 tweets
Andy Robbins Profile picture
Jan 1
I’m a firm believer in the (cliche) adage, “Outcomes, not output.” It’s not about the number of lines of code you wrote in 2021, but the impact those lines of code had - the outcomes they created. Here’s 5 small things you can do in 2022 to create big AD security outcomes:
#1: Audit the owners of your domain controller computer objects. Update the owner of each object to the Domain Admins group for that domain.

Time required: up to 1 hour
Potential attack path impact: extremely high.
Risk of breaking something: very low
#2: Use BloodHound to find where Domain Users/Everyone/Auth Users has privileged access, and remove all such instances.

Time required: up to 1 week
Potential attack path impact: extremely high.
Risk of breaking something: low
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @_wald0 has new unrolls!

Check out other threads from @_wald0!

Read all threads by @_wald0

:(