Hope Walker

Senior Security Researcher

Hope Walker is a Senior Security Researcher at SpecterOps. With almost 10 years of offensive security experience, Hope has performed offensive testing against numerous Fortune 500 companies as well as large government organizations. Before joining SpecterOps, Hope worked for the Department of Defense performing long-term advanced threat simulation. Additionally, Hope created and teaches two security focused courses on Active Directory and Azure at SpecterOps.

See the latest by Hope Walker

Research & Tradecraft

NAA or BroCI…? Let Me Explain

TL;DR This writeup is a summary of knowledge and resources for nested application authentication (NAA) and brokered client IDs (BroCI). …

By: Hope Walker

12 mins

Research & Tradecraft

Going for Broke(ring) – Offensive Walkthrough for Nested App Authentication

TL;DR: Microsoft uses nested app authentication (NAA) for many applications. Access and refresh tokens for select applications, such as administrator…

By: Hope Walker

19 mins

Research & Tradecraft

How Privileged Identity Management Affects Conditional Access Policies

Introduction When administrators use directory roles (aka Entra ID roles) when configuring Conditional Access Policies (CAPs), users are not included…

By: Hope Walker

11 mins

Research & Tradecraft

Manual LDAP Querying: Part 2

This post is a follow-up to my previous post on manual LDAP querying. I would highly recommend reading that post…

By: Hope Walker

20 mins

Research & Tradecraft

An Introduction to Manual Active Directory Querying with Dsquery and Ldapsearch

Introduction Let’s be honest, BloodHound and PowerView are objectively better tools for querying, enumerating, and investigating Active Directory (AD). They are more efficient, intuitive…

By: Hope Walker

21 mins