2023-08-08 Release Notes


Come see us at Black Hat USA 2023!

SpecterOps is a proud Platinum sponsor of Black Hat USA 2023 in Las Vegas, NV!

This year you can find us:

  • 🎳 August 8 @ Brooklyn Bowl: Join us for bowling, food and drink, and conversation (Spots are sold out - reach out to your TAM for a VIP ticket if you haven't registered yet).
  • πŸŽ† August 9-10 @ Booth 2234: Come chat with one of our team members or see one of our booth talks (details on talks in the link below)
  • πŸ› οΈ August 9-10 @ Black Hat Arsenal:
    • BloodHound CE goes live with some great new functionality, presented by Andy Robbins and Rohan Vazarker.
    • Lee Christensen, Will Schroeder, and Max Harley are showing off a new tool, Nemesis.
    • Chris Thompson and Diego Lomellini will share some recent updates to SharpSCCM.

For everything SpecterOps@Black Hat, check out: https://ghst.ly/blackhat2023.

Did you miss our Tier Zero webinar and blog?

On June 22nd, Elad Shamir and Jonas BΓΌlow Knudsen sat down to discuss "Tier Zero" or "Control Plane." In the first of what will become several webinars, we discussed the following:

  • πŸ‘‘ What is Tier Zero / Control Plane, and why does it matter?
  • 🏒 What does the industry include in Tier Zero?
  • πŸ‘©β€βš–οΈ Debate: Should they be?

Check out the recording of this information-rich conversation here!

Prefer to read rather than watch? We've got you covered with a blog post too!


  • BloodHound Enterprise
    • New and Improved Features - Open-ended Cypher search, Edge context menus, Pathfinding enhancements, offline collection ingest, API Explorer improvements.
    • Bug Fixes - Search no longer includes ADLocalGroup objects, clicking on objects of unknown types no longer crashes the UI, fixed "Try it out" in API Explorer.
  • SharpHound Enterprise (v2.1.7)
    • No release this week.
  • AzureHound Enterprise (v2.0.4)
    • No release this week.

BloodHound Enterprise

Improved Functionality

  • Open-ended Cypher search - Perhaps the most requested feature of BloodHound Enterprise since we launched is now live! BloodHound Enterprise now supports searches using the openCypher grammar, a query language designed for searching graph-based data. We've included several interesting queries to get you started and you can learn more about Searching with Cypher in documentation.
  • Edge context menus - Clicking on an Attack Path will now show a contextual menu similar to clicking on an object within BloodHound Enterprise. The displayed menu will include properties about the selected relationship and more in-depth contextual information about the Attack Path itself.
  • Pathfinding enhancements - When pathfinding, you can now easily swap start and end objects, plus filter the Attack Path primitives used by the pathfinding algorithm to narrow your query to information of interest.
  • Offline collection ingest - BloodHound Enterprise now officially supports an easy upload and ingest mechanism for offline collections from SharpHound CE. Whether performing merger and acquisition due diligence or monitoring risk within disconnected networks (such as ICS environments). Uploading offline SharpHound collections is now just a few clicks away under the Administration section.
  • API Explorer improvements - The API explorer has undergone some updates to indicate which BloodHound products each endpoint applies to. We've also fixed the "Try it out" buttons to make it easier to see how data queries and responses will look.

Bug Fixes

  • Search no longer includes ADLocalGroup objects
  • Clicking on objects of unknown types no longer crashes the UI
  • Fixed "Try it out" in API Explorer