- https://github.com/Mayyhem/SharpSCCM
- https://github.com/SpecterOps/MSSQLHound
- https://github.com/subat0mik/Misconfiguration-Manager
- https://github.com/Mayyhem/Maestro
- https://github.com/garrettfoster13/sccmhunter
I'm Chris. I'm currently a Senior Security Researcher at SpecterOps focusing on adding new attack paths and features to BloodHound and BloodHound Enterprise. Before that I was a Principal Consultant on the Adversary Simulation team, leading and conducting red team operations and pentests.
I enjoy writing tools to test the security of configuration management platforms like SCCM and Intune. I'm the author of SharpSCCM, MSSQLHound, and Maestro, co-author of Misconfiguration Manager with Duane Michael (@subat0mik) and Garrett Foster (unsigned_sh0rt), and have contributed to a few other offensive security tools, including SCCM Hunter, pxethiefy, and SCMKit.
- Coercing NTLM Authentication from SCCM
- Relaying NTLM Authentication from SCCM Clients
- SCCM Site Takeover via Automatic Client Push Installation
- SCCM Hierarchy Takeover
- Hierarchy Takeover without SOCKS
- Rooting Out Risky SCCM Configs with Misconfiguration Manager
- Maestro: Abusing Intune for Lateral Movement Over C2
- Do You Own Your Permissions, Or Do Your Permissions Own You?
- Adding MSSQL to BloodHound with OpenGraph
- Black Hat USA Arsenal 2022: SharpSCCM, with Duane Michael (@subat0mik)
- DEF CON Demo Labs 2022: SharpSCCM, with Duane Michael (@subat0mik)
- MMSMOA 2023: Hack the Domain with Your Favorite Management Tool, guest speaker with Sergey Chubarov and Panu Saukko
- Black Hat USA Arsenal 2023: SharpSCCM - Abusing Microsoft's C2 Framework, with Diego Lomellini (@DiLomSec1)
- Black Hat USA SpecterOps Booth 2023: SharpSCCM - Abusing Microsoft's C2 Framework, with Diego Lomellini (@DiLomSec1]
- SO-CON 2024: Misconfiguration Manager - Overlooked and Overprivileged, with Duane Michael (@subat0mik)
- MMSMOA 2024: Defending the Castle, 5 Years Later, guest speaker with Tom Degreef (@TomDegreef) and Kim Oppalfens (@TheWMIGuy)
- Troopers 2024: Misconfiguration Manager - Overlooked and Overprivileged, with Duane Michael (@subat0mik)
- DEF CON Demo Labs 2024: Maestro - Abusing Intune for Lateral Movement Over C2
- MMS Flamingo Edition 2024: Defending the Castle, 5 Years Later, guest speaker with Tom Degreef (@TomDegreef) and Kim Oppalfens (@TheWMIGuy)
- MMS Flamingo Edition 2024: Defense Against the Dark Arts, Stealing ConfigMgr Credentials, with Tom Degreef (@TomDegreef) and Kim Oppalfens (@TheWMIGuy)
- SO-CON 2025: The Admin's Guide to Preventing SCCM Attacks, with Garrett Foster (@unsigned_sh0rt)
- Microsoft Online Services (Feb 29, 2024): Getting Intune with Bugs and Tokens: A Journey Through EPM, with Zach Stein (@synzack21), Duane Michael (@subat0mik), and Garrett Foster (@unsigned_sh0rt)
- Microsoft SQL Server Elevation of Privilege (Aug 12, 2025): CVE-2025-49758
If you're interested in collaborating, please hit me up on Twitter (@_Mayyhem) or in the BloodHoundGang Slack!