home.social

#specterops — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #specterops, aggregated by home.social.

  1. We at #BSides312 thank #SpecterOps for being a Gold level sponsor. We encourage you to check them out at specterops.io/ and visit their table at our event on May 16. Tickets are still available at bsides312.org/
    #BSides

  4. Seems SO-CON is happening today, have fun people! And if you feel like being a speaker, check out cfptime.org cc @SpecterOps #SpecterOps

  9. 🛠️ Tool
    ===================

    Executive summary: PingOneHound is an OpenGraph extension for BloodHound Community Edition and BloodHound Enterprise designed to discover, analyze, and help remediate identity-based attack paths inside PingOne organizations. The work was carried out by SpecterOps researchers using a Ping Identity–provided PingOne environment.

    Technical details:
    • Purpose: Map PingOne objects (organization, environments, users, groups, roles, applications) into a graph model consumable by BloodHound to reveal chains of authorization and authentication that can be abused.
    • Primary mechanics: PingOne supports identity federation standards such as SAML and OIDC, enabling authentication from one system and authorization by another; these federated flows expand the potential attack surface across trust boundaries.
    • Vocabulary modeled: organization (top level), environment (contains users/groups/roles/apps), the auto‑created Administrators environment, users, groups, and role assignments.

    Key features of PingOneHound:
    • Graph ingestion of PingOne environment objects into BloodHound-compatible schemas.
    • Identification of role assignment propagation rules and group membership behaviors that affect privilege paths.
    • Visibility into federation‑driven paths that reach into or out of a PingOne instance.

    Implementation concepts:
    • The extension maps PingOne API objects into nodes and relationships, preserving distinctions between direct group membership and nested group structures.
    • The model encodes that role assignments are delegated only to direct group members; nested group membership does not confer those roles, and attribute‑based automatic group membership is blocked for groups that hold role assignments.

    Use cases:
    • Red teaming and purple team exercises focused on identity abuse in cloud IdPs.
    • Defender analysis to enumerate risky role assignments, overly broad group configurations, and federation trust paths.

    Limitations and considerations:
    • Behavior modeled is constrained by PingOne configuration and API visibility; findings depend on the available object graph from the environment provided.
    • The extension surfaces paths but does not by itself exploit them; operationalization requires complementary tools and context.

    🔹 PingOne #BloodHound #PingOneHound #SpecterOps #tool

    🔗 Source: specterops.io/blog/2025/10/20/