Avsnitt
-
In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler are joined by Javier Azofra from Siemens Healthineers, where he leads the continuous assessments team focused on enterprise security posture. Javier shares how his team approaches identity security and the challenges of maintaining visibility across complex environments.The conversation focuses on how security gaps emerge between systems like Active Directory, Entra ID, and CyberArk. Javier explains how his team built a BloodHound OpenGraph integration (CyberArkHound) to connect these platforms and uncover hidden attack paths that weren’t visible in isolation. They also break down how CyberArk models users, safes, and accounts—and how those relationships can unintentionally enable privilege escalation.Along the way, they discuss how attackers exploit identity relationships, why MFA and PAM don’t eliminate risk on their own, and how defenders can better prioritize remediation by understanding cross-platform attack paths.
-
In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler are joined by Steve Elovitz of Palo Alto Networks’ Unit 42, where he leads service delivery across North America. With years of incident response experience, including time at Mandiant, Steve shares what it’s like responding to hundreds of real-world security incidents each year. The conversation explores how modern adversaries operate once inside an environment and why identity has become a primary entry point for many attacks.
Steve breaks down the attack patterns his team most frequently sees during incident response engagements. These often begin with identity compromise through phishing, password spraying, or social engineering, followed by lateral movement and privilege escalation. The group also discusses how attackers expand access across hybrid environments by targeting SaaS platforms, developer systems, and cloud identity providers. Along the way, they examine common misconceptions around MFA and privileged access management, and why understanding attack paths helps defenders see how adversaries actually move through complex environments. -
Saknas det avsnitt?
-
In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler sit down with SpecterOps Principal Product Architect Andy Robbins and Ping Identity Director of Product Management Bjorn Aannestad to discuss SpecterOps’ recent attack path research engagement with the PingOne platform. The conversation covers how the collaboration began, why gaining access to a real PingOne tenant was crucial for accurate modeling, and what stood out about Ping Identity’s documentation, design choices, and security philosophy.
Andy walks through key elements of the PingOne architecture—including its RBAC model, environment structure, and controls that limit privilege escalation—while the group highlights how thoughtful design can dramatically reduce attack path complexity. They also explore the broader challenges of understanding hybrid identity systems, how cross-platform dependencies can create unexpected risk, and why validating security assumptions across interconnected services is essential for modern defenders.
-
In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler sit down with Christopher Maddalena to explore how open-source contributions continue to shape the evolution of attack path management. Christopher breaks down how community tools have moved from raw data dumps to polished, digestible insights that plug directly into BloodHound.
The team also discusses how researchers are expanding the attack graph across identity, cloud, and infrastructure systems, and how new interfaces such as OpenGraph, make analyzing complex environments faster and more accessible. Whether you're a defender or researcher, this episode highlights how open-source innovation is accelerating visibility across modern hybrid attack surfaces.
-
In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler talk with Andrew Chiles, VP of Tradecraft at SpecterOps, about the latest trends in tradecraft. Andrew breaks down how real assessment data is reshaping identity-focused attacks, why hybrid and SaaS environments create new pivot opportunities, and how browser-based session abuse is changing the game. He also shares insights on modeling emerging techniques, shortening the attacker–defender feedback loop, and what these evolving patterns mean for organizations trying to stay ahead.
-
In this episode of Know Your Adversary, hosts Jared Atkinson and Justin Kohler sit down with Elad Shamir, Head of Research at SpecterOps, to discuss the evolution and future of BloodHound OpenGraph. Elad shares how BloodHound has grown from a simple model into a powerful platform that maps complex attack surfaces across diverse environments. The conversation explores the challenges of modeling adversary tradecraft, the impact of hybrid paths connecting Active Directory and Entra ID, and how new capabilities like OpenGraph are accelerating innovation. Elad also introduces his philosophy of the Clean Source Principle, explaining how misaligned trust between systems often creates the very attack paths BloodHound is designed to uncover.
-
In this episode of Know Your Adversary, hosts Jared Atkinson and Justin Kohler sit down with Kate Dawson, Director of Customer Success at SpecterOps, to explore what it takes to implement a successful Attack Path Management (APM) program.
Kate explains how cross-team collaboration, identity-focused strategies, and programmatic—not project-based—approaches are key to lasting success. The team draws parallels between APM and vulnerability management, emphasizing the importance of continuous improvement, policy integration, and metrics like exposure reduction and remediation speed as signs of maturity in defending against identity-based attack paths.
-
In the very first episode of Know Your Adversary by SpecterOps, Chief Product Officer Justin Kohler and Chief Technology Officer Jared Atkinson pull back the curtain on how BloodHound came to be and why attack path management is more critical than ever.
They trace BloodHound’s roots from a red teamer’s Excel-driven struggle to its evolution into a revolutionary graph-theory tool that changed how defenders and adversaries alike understand identity-based attack paths. Along the way, they explain what an “attack path” really is, why attackers rarely land where they want to, and how pivoting across identities and computers creates endless opportunities for compromise.
-
In this episode of Know Your Adversary, hosts Justin Kohler and Jared Atkinson sit down with Robby Winchester, Chief Services Officer at SpecterOps, to explore the practical side of attack path management.
Robby reflects on nearly a decade of SpecterOps’ consulting and training work, sharing how the newly released State of Attack Path Management Report formalizes long-standing challenges that organizations face when dealing with identity sprawl, misconfigurations, and privilege creep. Together, they discuss how identity issues scale across environments—whether Active Directory, Kubernetes, or cloud providers—and why visibility, context, and iteration are critical to managing real-world risk.
-
In this episode of Know Your Adversary, hosts Justin Kohler and Jared Atkinson break down two key theoretical concepts shaping attack path management: the distinction between access graphs vs. attack graphs and the paradigm of identities at rest vs. identities in transit.
They explain why access graphs—maps of who can reach what—don’t tell the full story, and how attack graphs reveal the snowballing effect of compromised identities that accumulate control across environments. With real-world analogies and data points, the conversation highlights why environments with millions of relationships often harbor billions of potential attack paths, leaving defenders with an overwhelming challenge.
