I’m Logan Goins, an Associate Consultant on SpecterOps’s Adversary Simulation team. I’m interested in adversarial Active Directory operations and .NET post-exploitation capability development.

---

Here’s a quick summary of my experiences, tooling development, research, and community involvement:

• Experience:
  • Associate Consultant, Adversary Simulation at SpecterOps (May 2025 to Present)
  • Offensive Security Consultant Co-op at IBM X-Force Red (January 2025 to May 2025)
  • Offensive Security Consultant Intern at IBM X-Force Red (May 2024 to August 2024)
• Education:
  • Bachelors in Cybersecurity, The University of Texas at San Antonio (August 2023 to August 2026)
• Tooling Development:
  • SharpSuccessor, .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.
  • SoaPy, Proof of Concept (PoC) Python tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  • Stifle, a .NET post-exploitation utility to exploit strong explicit certificate mappings (ESC14) for account takeover in Active Directory environments.
  • Krueger, Proof of Concept (PoC) .NET tool for remotely disabling EDR with weaponized WDAC to enable lateral movement.
  • Cable, .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation.
• Research:
  • Attacking and Defending Configuration Manager - An Attackers Easy Win
  • SoaPy: Stealthy enumeration of Active Directory environments through ADWS
  • Using Offensive .NET to Enumerate and Exploit Active Directory Environments
  • NTLM Relaying to LDAP - The Hail Mary of Network Compromise
  • Active Directory Certificate Services (AD CS) - A Beautifully Vulnerable and Mis-configurable Mess
• Certifications:
  • Certified Red Team Operator (CRTO)
  • Offensive Security Certified Professional (OSCP)
  • CompTIA Cybersecurity Analyst+ ce (CySA+) - April 2023 to April 2026
  • CompTIA Security+ ce - April 2023 to April 2026
• Community Involvement:
  • Collegiate Penetration Testing Competition (CPTC) Global Finalist and U.S. Central Regional Champion 2023-2024
  • SimSpace National Cyber Cup Red Team Competition 3rd Place (2024)
  • UTSA RowdyCon Security Conference King of The Hill (KoTH) 1st place and Panel Speaker (2024)
  • UTSA Computer Security Association (CSA) Competitions Coordinator (Oct 2023 to August 2024)
  • Open-source community contributions to BloodHound documentation regarding AllExtendedRights abuse information

---