EXPERIENCE
Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to offense. He uses his knowledge of defense to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies. Ben has dedicated himself to the security industry for the past 15 years. He speaks at several conferences each year across the US, and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved.
EDUCATION & CERTIFICATIONS
GIAC Certified Penetration Tester
INDUSTRY CONTRIBUTIONS
- Released several open-source tools, including The PoshSec Framework, HoneyCreds, Not PowerShell (nps), and Orpheus
- Chief architect and developer on Impede Detection Platform
- Featured in the book Tribe of Hackers as one of 100 people who are making an impact in Information Securitys
- Primary Instructor for TrustedSec’s BlackHat USA Training Class, InfoSec World USA’s Training Class, and TrustedSec’s online training for Purple Teams and PowerShell for Offense and Defense
- Presenter at several industry events and conventions such as DerbyCon, THOTCON, BSides Chicago, BSides DFW, Texas Cyber Summit, GrrCON, BSides Detroit, Ohio Chapter of the ISSA, CactusCon, ShowMeCon, and more.
- Guest appearance on KMOV St. Louis
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
The SOCKS We Have at Home
IntroductionWhen performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our…
What is Hackvertor (and why should I care)?
1.1 What’s Hackvertor and why should I care?Years ago, Gareth Heyes created a Burp Suite (Burp) extension called Hackvertor. It’s an extension with a lot…
Clickjacking: Not Just for the Clicks
tl;dr versionYou can trick users into "typing" inputs in a clickjacking attack.YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvUPoC GitHub Repo:…
Book Review - The Definitive Guide to PCI DSS Version 4
As a PCI QSA, I have answered numerous questions about the new PC DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…
The Triforce of Initial Access
LootWhile Red Teamers love to discuss and almost poetically describe their C2 feature sets, EDR evasion capabilities, and fast weaponizing of N-day exploits,…
JS-Tap: Weaponizing JavaScript for Red Teams
How do you use malicious JavaScript to attack an application you know nothing about?Application penetration testers often create custom weaponized JavaScript…
A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this third and final…
A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionThis is a continuation of A…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIn this continuation to our first…
A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1 IntroductionIf you were to collectively ask any…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
