Logan Goins

189 posts

Logan Goins banner
Logan Goins

Logan Goins

@_logangoins

Adversary Simulation @SpecterOps

United States Katılım Nisan 2024
193 Takip Edilen1.5K Takipçiler
Sabitlenmiş Tweet
Logan Goins
Logan Goins@_logangoins·
Just released a new @SpecterOps blog! I discovered that during client push in SCCM env's it's possible to remotely start WebClient and coerce HTTP from site servers for a relay to LDAP resulting in hierarchy takeover when WebClient is installed! 🫠 specterops.io/blog/2026/01/1…
English
1
65
159
15.1K
Logan Goins retweetledi
SpecterOps
SpecterOps@SpecterOps·
Need to do an NTLM relay over C2 but local priv-esc isn't possible? @_logangoins new post walks through relaying NTLM auth out of a network and back in through red team infra to bypass traditional relay controls, plus how defenders actually stop it. specterops.io/blog/2026/07/1…
English
1
65
227
11.7K
Logan Goins
Logan Goins@_logangoins·
We used this technique on an op recently, and I wanted to create a simple resource on it due to it being seldom covered but very useful. It's a cool way to get around various NTLM relay constraints when operating over C2 from low-privilege. See it here: specterops.io/blog/2026/07/1…
English
1
26
95
4.5K
Logan Goins retweetledi
SpecterOps
SpecterOps@SpecterOps·
Registration for training at #BHUSA 2026 is officially open, and we are bringing a full slate of adversary-focused courses to Las Vegas. 🎰 Early reg. pricing ends May 22, so now is the time to lock in your seat. 🧵 Links to each course ⤵️
SpecterOps tweet media
English
1
5
15
4.7K
Logan Goins retweetledi
Bad Sector Labs
Bad Sector Labs@badsectorlabs·
CopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency. github.com/badsectorlabs/…
Bad Sector Labs tweet media
English
16
223
1.1K
78.4K
Logan Goins
Logan Goins@_logangoins·
Just added krb5 auth over ADWS in my tool SOAPy. I noticed since SOAPy released 2 yrs ago with the first ADWS python code nobody had implemented krb5 auth in python. Check it out here, and stay tuned for an upcoming blog post + big release 👀 github.com/logangoins/SOA…
English
1
39
123
9.6K
Logan Goins retweetledi
Jacob Paullus
Jacob Paullus@psycep_·
gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) github.com/mandiant/gopac…
English
7
125
420
61.1K
Logan Goins retweetledi
codewhisperer84
codewhisperer84@codewhisperer84·
New Titanis release => github.com/trustedsec/Tit… The new Dsrep lets you dump secrets from AD, Ldap supports queries for DNS records and timestamp conversions, Dcom supports dotted-property notation, along with other enhancements and fixes.
English
2
30
86
5.9K
Logan Goins retweetledi
Andrew
Andrew@4ndr3w6S·
A debate in the BloodHound Slack: can you attribute the originating host from an ADWS query? 🤨 Challenge accepted. Part 5B continues the ADWS blind spot: Event 5156 recovers the attacker’s real IP in ~60ms. 🕵️ Check out my latest post… huntress.com/blog/ldap-acti…
English
1
8
25
2.8K
Logan Goins retweetledi
SpecterOps
SpecterOps@SpecterOps·
SCCM is everywhere, but realistic testing environments aren’t. In his latest blog post, @_Mayyhem expands on work by @synzack21 and @badsectorlabs with a Ludus-based SCCM lab for research and attack path testing. Read more ⬇️ ghst.ly/4bYltDo
English
0
23
54
4.2K
Logan Goins retweetledi
Chris Thompson
Chris Thompson@_Mayyhem·
I added an SCCM central admin site, child site, passive site server, secondary site, and remote system roles to @synzack21 and @badsectorlabs Ludus lab so you can skip the manual deployment. It's vuln to almost every technique in Misconfiguration Manager. specterops.io/blog/2026/04/0…
English
1
19
63
2.3K
Logan Goins retweetledi
Joshua Prager
Joshua Prager@Praga_Prag·
Have you got SCCM in your environment? Want to catch adversaries attempting to abuse it for malicious purposes? Check out my newest blog to setup deceptions within existing SCCM infra specterops.io/blog/2026/02/1…
English
0
8
16
990
Logan Goins retweetledi
SpecterOps
SpecterOps@SpecterOps·
Every Entra ID assessment ends here: “How do I get a token without triggering Conditional Access controls?” 🤔 @rbnroot built CAPSlock, an offline ROADrecon-based Conditional Access engine that simulates sign-ins & flags gaps without touching the tenant. ghst.ly/4aKIk64
English
3
89
278
29.1K
Logan Goins retweetledi
SpecterOps
SpecterOps@SpecterOps·
Introducing BloodHound Scentry: BloodHound Enterprise + SpecterOps experts working alongside your team to eliminate attack paths and accelerate APM. Level 0 → Level 3 maturity in ~6 months. Not theory. Tradecraft. 🎯 Learn more ➡️ ghst.ly/bhscentry-tw
SpecterOps tweet media
English
1
12
26
2.8K
Logan Goins
Logan Goins@_logangoins·
I ended up quickly modifying ntlmrelayx to support these changes so that relays to LDAP are possible again, thanks y'all for your hard work on figuring this out! You can find the changes here: github.com/logangoins/imp…
RedTeam Pentesting@RedTeamPT

🚀Our tool keycred for KeyCredentialLinks and Shadow Credential attacks now works with updated domain controllers again! It turns out, Microsoft violated their own specs. Try it out: github.com/RedTeamPentest…

English
0
31
85
9.1K
Logan Goins retweetledi
Jonathan Beierle
Jonathan Beierle@hullabrian·
🚨Introducing EventHorizon!🚨 A framework built to arm researchers with customizable ETW telemetry and sigma-like detection and response rules! It allows you to easily retrieve ETWTI telemetry, all with a simple msi installer and included wiki. github.com/HullaBrian/Eve…
English
0
22
55
4.9K
Logan Goins retweetledi
Joshua Prager
Joshua Prager@Praga_Prag·
SpecterOps has a really good line up for SO-CON'26. #agenda" target="_blank" rel="nofollow noopener">specterops.io/so-con/#agenda
English
0
1
4
432
Logan Goins retweetledi
SpecterOps
SpecterOps@SpecterOps·
Still running MDT? As of Jan 6, 2025, it’s unsupported and unpatched. In this post, @unsigned_sh0rt shows how attackers can locate MDT/WDS (even unauthenticated) and chain issues into credential risk. Defenses included. Read more ⤵️ ghst.ly/49UHoeW
English
1
17
48
4.7K