Logan Goins

Hi I’m Logan Goins, an Associate Adversary Simulation Operator at SpecterOps. As part of Consulting Services, I perform Penetration Tests and Red Team Operations for clients looking to measure impact in the case of a breach or improve their detection and response capabilities.

Additionally, I love to continuously learn and develop new tools and tradecraft for exploiting or abusing easily mis-configurable or complex technologies which may enable risk for an organization.

Here’s a quick summary of my experiences, tooling development, and research:

Experience:
- Associate Consultant, Adversary Simulation at SpecterOps (May 2025 to Present)
- Offensive Security Consultant Co-op at IBM X-Force Red (January 2025 to May 2025)
- Offensive Security Consultant Intern at IBM X-Force Red (May 2024 to August 2024)
Education:
- Bachelors in Cybersecurity, The University of Texas at San Antonio (August 2023 to August 2026)
Tooling Development:
- BadTakeover, Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
- SharpSuccessor, .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.
- SOAPy, Proof of Concept (PoC) Python tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
- Stifle, a .NET post-exploitation utility to exploit strong explicit certificate mappings (ESC14) for account takeover in Active Directory environments.
- Krueger, Proof of Concept (PoC) .NET tool for remotely disabling EDR with weaponized WDAC to enable lateral movement.
- Cable, .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation.
Major Blogs:
Certifications:
- Certified Red Team Operator (CRTO)
- Offensive Security Certified Professional (OSCP)
- CompTIA Cybersecurity Analyst+ ce (CySA+) - April 2023 to April 2026
- CompTIA Security+ ce - April 2023 to April 2026