Logan Goins
@logangoins.bsky.social
Adversary Simulation
@specterops.io
reposted by
Logan Goins
SpecterOps
about 1 month ago
Credential Guard was supposed to end credential dumping. It didn't. Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more:
ghst.ly/4qtl2rm
Catching Credential Guard Off Guard - SpecterOps
Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.
https://ghst.ly/4qtl2rm
reposted by
Logan Goins
SpecterOps
about 1 month ago
Patching one technique doesn't close the entire attack vector. dMSA abuse is still a problem, and @logangoins.bsky.social just dropped a reality check with new tooling to prove it. Learn more about the issue & the new BadTakeover BOF.
ghst.ly/42POg9L
The (Near) Return of the King: Account Takeover Using the BadSuccessor Technique - SpecterOps
After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog from Yuval, briefly mentioning to the community that attackers can still abu...
https://ghst.ly/42POg9L
reposted by
Logan Goins
SpecterOps
3 months ago
Trying to fly under EDR's radar? @logangoins.bsky.social explains how to use HTTP-to-LDAP relay attacks to execute tooling completely off-host through the C2 payload context. Perfect for when you need LDAP access but want to avoid being caught stealing creds.
ghst.ly/41mjMv7
Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP - SpecterOps
TL;DR When operating out of a ceded access or phishing payload with no credential material, you can use low-privilege HTTP authentication from the current user context to perform a proxied relay to LD...
https://ghst.ly/41mjMv7