I’m a senior offensive security engineer with most of my experience in penetration testing. I enjoy writing buggy Python tools and learning about Active Directory.
I hold the OSCP and CRTO certifications.
I occasionally blog here, but more frequently on the Fortalice Solutions blog. Topics there include:
- Hunting Resource-Based Constrained Delegation in Active Directory (9/9/2022)
- Granularize Your Active Directory Reconnaissance Game Part 2 (6/15/2022)
- Keeping Up with the NTLM Relay (2/11/2022)
- ADCS: Playing with ESC4 (12/20/2021)
- Shadow Credentials: Workstation Takeover Edition (10/21/2021)
- PKINIT FTW: Combining Shadow Credentials and ADCS Template Abuse (9/8/2021)
- Elevating with NTLMv1 and the Printer Bug (6/29/2021)