#attack_path — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #attack_path, aggregated by home.social.

  1. 🛠️ Tool

    Executive summary: SpecterOps outlines a practical approach to deception planning by extending BloodHound’s attack-path mapping into third‑party technologies via OpenGraph. The piece emphasizes using mapped attack paths to place believable deception artifacts and mentions a small utility, deceptionClone, for prototyping deception paths.

    Technical context: BloodHound provides graph-based discovery of user/computer relationships in Active Directory, and OpenGraph generalizes that model to represent dependencies and privileges in non-AD systems. By modeling third-party services and their access relationships, defenders gain visibility into chains of abuse that span both AD and external systems.

    Key capabilities described:
    • Mapping of chained privileges and discovery paths across AD and third‑party systems using OpenGraph-enhanced graphs.
    • Identification of realistic locations for deception artifacts (canary tokens, honey accounts, honey endpoints) that sit on existing reconnaissance paths.
    • Use of deceptionClone to create lightweight deception replicas for testing how an attacker would discover and follow a fake path.

    Technical implementation (conceptual):
    The article frames OpenGraph as a schema/collection approach that models nodes and edges representing principals, services, and permission relationships beyond AD objects. This conceptual model enables defenders to trace potential reconnaissance sequences and privilege escalations across heterogeneous systems without requiring procedural details.

    Use cases:
    • Converting irrevocable or business-justified attack paths into detection opportunities by planting believable deception artifacts along those paths.
    • Validating the discoverability and context of deception artifacts by simulating attacker reconnaissance with deceptionClone.
    • Prioritizing remediation versus deception based on whether a mapped path can be fully removed or should be instrumented for detection.

    Limitations and considerations:
    • The approach depends on accurate modeling of third‑party relationships; incomplete data will yield blind spots.
    • Deceptions must be sufficiently realistic and contextual; simply placing decoys without mapping can produce low‑value signals or false positives.

    References and tags:
    SpecterOps blog post by Ben Schroeder; acknowledgement to Josh Prager for review. #tool #bloodhound #OpenGraph #deception #attack_path

    🔗 Source: specterops.io/blog/2025/12/23/
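    The prioritisation the summary describes (remove a path where you can, instrument it with deception where you cannot) can be reasoned about on a small graph. The following is an added example, not code from the SpecterOps post or from BloodHound/deceptionClone; the graph, node names and the "remediable" / "business_justified" edge labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed graph, not from the post: nodes are principals/services in AD
# and a third-party CI system; each edge is a privilege letting src reach dst,
# tagged with whether the relationship could be removed (remediable) or is
# needed by the business and can only be instrumented (business_justified).
EDGES = [
    ("alice@corp",   "WS01",          "AdminTo",     "remediable"),
    ("WS01",         "svc_ci@corp",   "HasSession",  "remediable"),
    ("svc_ci@corp",  "CI-Server",     "CanRunJobs",  "business_justified"),
    ("bob@corp",     "CI-Server",     "CanRunJobs",  "business_justified"),
    ("CI-Server",    "deploy-token",  "ReadsSecret", "business_justified"),
    ("deploy-token", "Domain Admins", "MemberOf",    "remediable"),
]

def build_graph(edges):
    g = defaultdict(list)
    for src, dst, rel, status in edges:
        g[src].append((dst, rel, status))
    return g

def attack_paths(g, start, target, seen=frozenset()):
    """Enumerate simple (cycle-free) paths from start to target as edge lists."""
    if start == target:
        return [[]]
    out = []
    for dst, rel, status in g.get(start, []):
        if dst in seen:
            continue
        for rest in attack_paths(g, dst, target, seen | {start}):
            out.append([(start, dst, rel, status)] + rest)
    return out

def all_paths(edges, starts, target):
    g = build_graph(edges)
    return [p for s in starts for p in attack_paths(g, s, target)]

def chokepoints(edges, starts, target):
    """Edges every enumerated path must traverse, split into those to remove
    and those to keep but watch with a deception artifact (honey secret,
    canary token) placed on them."""
    paths = all_paths(edges, starts, target)
    if not paths:
        return {"remediate": set(), "deceive": set()}
    common = set.intersection(*[set(p) for p in paths])
    return {
        "remediate": {e for e in common if e[3] == "remediable"},
        "deceive":   {e for e in common if e[3] == "business_justified"},
    }

if __name__ == "__main__":
    for kind, es in chokepoints(EDGES, ["alice@corp", "bob@corp"], "Domain Admins").items():
        print(kind, sorted(es))
```

    An edge on every path is a cheap place to act: a remediable one is removed, a business-justified one keeps working but now carries a decoy whose use is a high-confidence alert.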