Hi, I’m Logan Goins, an Associate Adversary Simulation Operator at SpecterOps. As part of Consulting Services, I perform Penetration Tests and Red Team Operations for clients looking to measure impact in the case of a breach or improve their detection and response capabilities.
Additionally, I love to continuously learn and develop new tools and tradecraft for exploiting or abusing easily mis-configurable or complex technologies which may enable risk for an organization.
Here’s a quick summary of my experiences, tooling development, and research:
- Experience:
  - Associate Consultant, Adversary Simulation at SpecterOps (May 2025 to Present)
  - Offensive Security Consultant Co-op at IBM X-Force Red (January 2025 to May 2025)
  - Offensive Security Consultant Intern at IBM X-Force Red (May 2024 to August 2024)
- Education:
  - Bachelor's in Cybersecurity, The University of Texas at San Antonio (August 2023 to August 2026)
- Tooling Development:
  - SharpSuccessor, .NET Proof of Concept (PoC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.
  - SOAPy, Proof of Concept (PoC) Python tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  - Stifle, a .NET post-exploitation utility to exploit strong explicit certificate mappings (ESC14) for account takeover in Active Directory environments.
  - Krueger, Proof of Concept (PoC) .NET tool for remotely disabling EDR with weaponized WDAC to enable lateral movement.
  - Cable, .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation.
- Major Blogs:
  - Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP
  - Make Sure to Use SOAP(y) – An Operators Guide to Stealthy AD Collection Using ADWS
  - Attacking and Defending Configuration Manager - An Attackers Easy Win
  - SOAPy: Stealthy enumeration of Active Directory environments through ADWS
  - Using Offensive .NET to Enumerate and Exploit Active Directory Environments
  - NTLM Relaying to LDAP - The Hail Mary of Network Compromise
  - Active Directory Certificate Services (AD CS) - A Beautifully Vulnerable and Mis-configurable Mess
- Certifications:
  - Certified Red Team Operator (CRTO)
  - Offensive Security Certified Professional (OSCP)
  - CompTIA Cybersecurity Analyst+ ce (CySA+) - April 2023 to April 2026
  - CompTIA Security+ ce - April 2023 to April 2026