Introducing BloodHound Scentry: Accelerate your APM practice. Learn More

Logan Goins

Associate Consultant

Logan Goins is an Associate Consultant at SpecterOps specializing in Adversary Simulation. He is also the author of a variety of offensive identity driven tools including SharpSuccessor, SOAPy, and others.

See the latest by Logan Goins

Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP

Research & Tradecraft

Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP

TL;DR – During automatic client push installation, an SCCM site server automatically attempts to map WebDav shares on clients, starting…

By: Logan Goins

15 mins
The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

Research & Tradecraft

The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

TL;DR – After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog from Yuval, briefly mentioning…

By: Logan Goins

13 mins
Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP

Research & Tradecraft

Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP

TL;DR When operating out of a ceded access or phishing payload with no credential material, you can use low-privilege HTTP…

By: Logan Goins

13 mins
Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS

Research & Tradecraft

Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS

Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments

By: Logan Goins

17 mins