Kevin Mandia, Founder of Mandiant, to Deliver Featured Keynote at SO-CON 2026. Learn More
< Back to Blog
Default Author Image

Logan Goins

See the latest by Logan Goins

Image for post titled Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP

Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP

TL;DR – During automatic client push installation, an SCCM site server automatically attempts to map WebDav...

By: Logan Goins
Jan 14, 2026 • 15 min read
Read Post
Image for post titled The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique

TL;DR – After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog...

By: Logan Goins
Oct 20, 2025 • 13 min read
Read Post
Image for post titled Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP

Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP

TL;DR When operating out of a ceded access or phishing payload with no credential material, you...

By: Logan Goins
Aug 22, 2025 • 13 min read
Read Post
Image for post titled Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS

Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS

Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments

By: Logan Goins
Jul 25, 2025 • 17 min read
Read Post