Episode 11: ProSec GmbH with Special Guest Robin Unglaub

Episode 11: ProSec GmbH with Special Guest Robin Unglaub

In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler are joined by Robin Unglaub, creator of TaskHound, an open-source BloodHound OpenGraph extension designed to uncover credential exposure and attack paths hidden within Windows scheduled tasks. Drawing from years of offensive security experience, Robin explains how a common administrative feature can become a valuable source of privilege escalation and lateral movement opportunities for attackers. The discussion covers how scheduled tasks store and use credentials, why they frequently appear during security assessments, and how TaskHound helps operators and defenders visualize these relationships directly within BloodHound. Robin also demonstrates how graph-based analysis can reveal tier-zero exposure, identify high-value targets, and uncover misconfigurations that might otherwise go unnoticed. Along the way, the group explores OpenGraph, operational security considerations, and upcoming TaskHound features that expand visibility into additional credential sources across enterprise environments.

Episode 10: Siemens Healthineers with Special Guest Javier Azofra

In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler are joined by Javier Azofra from Siemens Healthineers, where he leads the continuous assessments team focused on enterprise security posture. Javier shares how his team approaches identity security and the challenges of maintaining visibility across complex environments.The conversation focuses on how security gaps emerge between systems like Active Directory, Entra ID, and CyberArk. Javier explains how his team built a BloodHound OpenGraph integration (CyberArkHound) to connect these platforms and uncover hidden attack paths that weren’t visible in isolation. They also break down how CyberArk models users, safes, and accounts—and how those relationships can unintentionally enable privilege escalation.Along the way, they discuss how attackers exploit identity relationships, why MFA and PAM don’t eliminate risk on their own, and how defenders can better prioritize remediation by understanding cross-platform attack paths.

Episode 9: Palo Alto Networks Unit 42 with Special Guest Steve Elovitz

In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler are joined by Steve Elovitz of Palo Alto Networks’ Unit 42, where he leads service delivery across North America. With years of incident response experience, including time at Mandiant, Steve shares what it’s like responding to hundreds of real-world security incidents each year. The conversation explores how modern adversaries operate once inside an environment and why identity has become a primary entry point for many attacks. Steve breaks down the attack patterns his team most frequently sees during incident response engagements. These often begin with identity compromise through phishing, password spraying, or social engineering, followed by lateral movement and privilege escalation. The group also discusses how attackers expand access across hybrid environments by targeting SaaS platforms, developer systems, and cloud identity providers. Along the way, they examine common misconceptions around MFA and privileged access management, and why understanding attack paths helps defenders see how adversaries actually move through complex environments.

Episode 8: Ping Identity with Special Guest Bjorn Aannestad

In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler sit down with SpecterOps Principal Product Architect Andy Robbins and Ping Identity Director of Product Management Bjorn Aannestad to discuss SpecterOps’ recent attack path research engagement with the PingOne platform. The conversation covers how the collaboration began, why gaining access to a real PingOne tenant was crucial for accurate modeling, and what stood out about Ping Identity’s documentation, design choices, and security philosophy. Andy walks through key elements of the PingOne architecture—including its RBAC model, environment structure, and controls that limit privilege escalation—while the group highlights how thoughtful design can dramatically reduce attack path complexity. They also explore the broader challenges of understanding hybrid identity systems, how cross-platform dependencies can create unexpected risk, and why validating security assumptions across interconnected services is essential for modern defenders.

Episode 7: The State of APM - Community Contributions

In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler sit down with Christopher Maddalena to explore how open-source contributions continue to shape the evolution of attack path management. Christopher breaks down how community tools have moved from raw data dumps to polished, digestible insights that plug directly into BloodHound. The team also discusses how researchers are expanding the attack graph across identity, cloud, and infrastructure systems, and how new interfaces such as OpenGraph, make analyzing complex environments faster and more accessible. Whether you're a defender or researcher, this episode highlights how open-source innovation is accelerating visibility across modern hybrid attack surfaces.