Headshot of Jake Karnes

Jake Karnes

Senior Technical Architect, Technical Enablement

Jake has a B.S. in Computer Science from San Jose State University, and holds the GIAC Certified Incident Handler and Certified Ethical Hacker certifications. He specializes in web application penetration testing. Jake also contributes to the development of applications and tools for the NetSPI penetration testing team.

More By Jake Karnes

Videos & Livestreams

Persistence is Vital: Key Lessons Learned when Finding and Discovering CVE-2020-17049

September 11, 2022

NetSPI Managing Consultant Jake Karnes spoke at the CrestCon UK 2022 conference at the Royal College of Physicians. During this session, Jake described how he found and responsibly disclosed a serious Microsoft vulnerability: The Kerberos Bronze Bit Attack.

Learn More
Web Application Pentesting

Burp Suite Extension: AWS Signer 2.0 Release

March 31, 2022

This post covers the latest updates and features available in the AWS Signer Burp Suite Extension.

Learn More
Web Application Pentesting

Azure SAS Tokens for Web Application Penetration Testers

January 6, 2022

Learn how to abuse common misconfigurations of Azure SAS tokens using these web application penetration testing techniques.

Learn More
Cloud Pentesting

Azure Persistence with Desired State Configurations

June 24, 2021

See how the Azure Desired State Configuration VM Extension can be utilized by pentesters for robust persistence and recurring tasks.

Learn More

SecureAuth: Impacket Release v0.9.23

June 9, 2021

On June 9, 2021, NetSPI Security Consultant Jake Karnes was featured in a SecureAuth article.

Learn More
Videos & Livestreams

CVE-2020-17049: Kerberos Bronze Bit Attack – Explained and Exploited

December 24, 2020

NetSPI’s Jake Karnes explains the inner workings of CVE-2020-17049: The Kerberos Bronze Bit Attack.

Learn More

Bleeping Computer: Windows Kerberos Bronze Bit attack gets public exploit, patch now

December 10, 2020

On December 10, NetSPI Security Consultant Jake Karnes was featured in Bleeping Computer.

Learn More

Trimarc: Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory

December 10, 2020

On December 10, NetSPI Security Consultant Jake Karnes was featured in Trimarc.

Learn More

ZDNet: Proof-of-concept exploit code published for new Kerberos Bronze Bit attack

December 10, 2020

On December 10, NetSPI Security Consultant Jake Karnes was featured in ZDNet.

Learn More
Network Pentesting

CVE-2020-17049: Kerberos Bronze Bit Attack – Theory

December 8, 2020

Learn high-level details related to the theory of the Bronze Bit attack (CVE-2020-17049) against Kerberos implementations in Windows Active Directory.

Learn More
Network Pentesting

CVE-2020-17049: Kerberos Bronze Bit Attack – Overview

December 8, 2020

Read a helpful overview of the Bronze Bit attack (CVE-2020-17049) against Kerberos implementations in Windows Active Directory.

Learn More
Network Pentesting

CVE-2020-17049: Kerberos Bronze Bit Attack – Practical Exploitation

December 8, 2020

This post is an overview of the practical exploitation of the Bronze Bit attack (CVE-2020-17049) in a Windows Active Directory environment.

Learn More