Log inSign up
user avatar
Will Schroeder
@harmj0y
Researcher @SpecterOps. Coding towards chaotic good while living on the decision boundary.
Seattle, WA
blog.harmj0y.net
Joined August 2012
974
Following
48.9K
Followers
  • Pinned
    user avatar
    Will Schroeder
    @harmj0y
    Jun 17, 2021
    5 months ago @tifkin_ and I started looking into the security of Active Directory Certificate Services. Today we're releasing the results of that research- a blog post posts.specterops.io/certified-pre-… + a 140-page whitepaper and defensive audit tool (links at the top of the post) [1/6]
    Certified Pre-Owned
    From specterops.io
  • user avatar
    Will Schroeder
    @harmj0y
    Nov 28, 2018
    Active Directory forests are no longer a security boundary thanks to @tifkin_'s printer bug. Check out posts.specterops.io/not-a-security… for weaponization and mitigation details and @Cyb3rWard0g's post for detection guidance posts.specterops.io/hunting-in-act…
    Not A Security Boundary: Breaking Forest Trusts
    From specterops.io
  • user avatar
    Will Schroeder
    @harmj0y
    Oct 30, 2017
    So excited - here's my updated "Guide to Attacking Domain Trusts" posts.specterops.io/a-guide-to-att… ! Was a blast to write
    A Guide to Attacking Domain Trusts
    From specterops.io
  • user avatar
    Will Schroeder
    @harmj0y
    Mar 9, 2021
    In case you were worried
  • user avatar
    Will Schroeder
    @harmj0y
    Jul 24, 2018
    Y’all knew it was just a matter of time : ) PowerShell is definitely a "gateway drug" to C# - GhostPack is a collection of new security tools (currently C#) details at posts.specterops.io/ghostpack-d835… , code live at github.com/GhostPack
    GhostPack
    From specterops.io
  • user avatar
    Will Schroeder
    @harmj0y
    Feb 26, 2019
    If you're interested in Kerberos or Active Directory and haven't read @elad_shamir's "Wagging the Dog" post, do yourself a favor and dive in. You won't regret it.
    Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory
    From shenaniganslabs.io
  • user avatar
    Will Schroeder
    @harmj0y
    Jul 7, 2022
    Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post posts.specterops.io/koh-the-token-… where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at github.com/GhostPack/Koh
    Koh: The Token Stealer
    From specterops.io
  • user avatar
    Will Schroeder
    @harmj0y
    Aug 22, 2018
    "Operational Guidance for Offensive User DPAPI Abuse" posts.specterops.io/operational-gu… documenting some of the ways to use Mimikatz to play with DPAPI. Thanks @gentilkiwi for all the awesome features! :)
    Operational Guidance for Offensive User DPAPI Abuse
    From specterops.io
  • user avatar
    Will Schroeder
    @harmj0y
    Aug 4, 2021
    The offensive AD CS tools from @tifkin_'s and my "Certified Pre-Owned" talk, Certify and ForgeCert, are now live at github.com/GhostPack/Cert… / github.com/GhostPack/Forg… ! Thanks to everyone who attended the talk stream!
    GitHub - GhostPack/Certify: Active Directory certificate abuse.
    From github.com
  • user avatar
    Will Schroeder
    @harmj0y
    Jan 3, 2020
    The offensive security community means a lot to me. Following @Antonlovesdnb's great thread that injected some much needed infosec positivity, I wanted to highlight a few (offensive-ish) posts/talks that my team and myself enjoyed over the last year or so.
  • user avatar
    Will Schroeder
    @harmj0y
    Jul 10, 2019
    Mad props to Microsoft for taking this very very seriously! techcommunity.microsoft.com/t5/Premier-Fie… Reminder that on July 9 things flip, disallowing delegated TGTs across forest trust boundaries by default. This is an awesome fix for the issue that @tifkin_ and I discovered, hats off 👍
  • user avatar
    Will Schroeder
    @harmj0y
    Aug 18, 2020
    Finally the end of a very fun ride- I've merged Dev to Master for PowerSploit and marked the project as no longer supported. Offensive PowerShell was how I started my career, and I owe @obscuresec and @mattifestation a debt of gratitude for bringing me in. [1/3]
  • user avatar
    Will Schroeder
    @harmj0y
    May 26, 2020
    Over the last year @tifkin_ and I rewrote GhostPack's Seatbelt from the ground up. Highlights- completely modularized, nearly 2x increase in checks, remote enumeration options, and structured output. Complete changelog at github.com/GhostPack/Seat… , code at github.com/GhostPack/Seat…
  • user avatar
    Will Schroeder
    @harmj0y
    Sep 7, 2019
    The slides for my @DerbyCon talk "Kerberoasting Revisited" are up at slideshare.net/harmj0y/derbyc… . Thanks to everyone who came out!