Everything you care about in one place

Follow feeds: blogs, news, RSS and more. An effortless way to read and digest content of your choice.

Get Feeder



Get the latest updates from harmj0y directly as they happen.

Follow now 116 followers

Latest posts

Last updated almost 2 years ago

A Case Study in Wagging the Dog: Computer Takeover

almost 2 years ago

Last month, Elad Shamir released a phenomenal, in depth post on abusing...

Kerberoasting Revisited

almost 2 years ago

Rubeus is a C# Kerberos abuse toolkit that started as a port...

Not A Security Boundary: Breaking Forest Trusts

about 2 years ago

For years Microsoft has stated that the forest was the security boundary...

Another Word on Delegation

about 2 years ago

Every time I think I start to understand Active Directory and Kerberos...

Rubeus – Now With More Kekeo

about 2 years ago

Rubeus, my C# port of some of features from @gentilkiwi‘s Kekeo toolset...

From Kekeo to Rubeus

about 2 years ago

Kekeo, the other big project from Benjamin Delpy after Mimikatz, is an...

Operational Guidance for Offensive User DPAPI Abuse

over 2 years ago

I’ve spoken about DPAPI (the Data Protection Application Programming Interface) a bit...


over 2 years ago

Anyone who has followed myself or my teammates at SpecterOps for a...

The PowerView PowerUsage Series #5

over 2 years ago

This is the fifth post in my “PowerView PowerUsage” series, and follows...

Remote Hash Extraction On Demand Via Host Security Descriptor Modification

over 2 years ago

This is the long overdue follow-up to the “An ACE in the...

The PowerView PowerUsage Series #4

about 3 years ago

This is a short follow-up to my “A Guide to Attacking Domain...

A Guide to Attacking Domain Trusts

about 3 years ago

It’s been a while (nearly 2 years) since I wrote a post...