Everything you care about in one place

Follow feeds: blogs, news, RSS and more. An effortless way to read and digest content of your choice.

Get Feeder

harmj0y.net

harmj0y

Get the latest updates from harmj0y directly as they happen.

Follow now 144 followers

Latest posts

Last updated over 3 years ago

Certified Pre-Owned

over 3 years ago

TL;DR Active Directory Certificate Services has a lot of attack potential! Check...

A Case Study in Wagging the Dog: Computer Takeover

over 5 years ago

Last month, Elad Shamir released a phenomenal, in depth post on abusing...

Kerberoasting Revisited

over 5 years ago

Rubeus is a C# Kerberos abuse toolkit that started as a port...

Not A Security Boundary: Breaking Forest Trusts

almost 6 years ago

For years Microsoft has stated that the forest was the security boundary...

Another Word on Delegation

about 6 years ago

Every time I think I start to understand Active Directory and Kerberos...

Rubeus – Now With More Kekeo

about 6 years ago

Rubeus, my C# port of some of features from @gentilkiwi‘s Kekeo toolset...

From Kekeo to Rubeus

about 6 years ago

Kekeo, the other big project from Benjamin Delpy after Mimikatz, is an...

Operational Guidance for Offensive User DPAPI Abuse

about 6 years ago

I’ve spoken about DPAPI (the Data Protection Application Programming Interface) a bit...

GhostPack

over 6 years ago

Anyone who has followed myself or my teammates at SpecterOps for a...

The PowerView PowerUsage Series #5

over 6 years ago

This is the fifth post in my “PowerView PowerUsage” series, and follows...

Remote Hash Extraction On Demand Via Host Security Descriptor Modification

over 6 years ago

This is the long overdue follow-up to the “An ACE in the...

The PowerView PowerUsage Series #4

almost 7 years ago

This is a short follow-up to my “A Guide to Attacking Domain...