Ben Mauch

Managing Director, Tactical Awareness and Countermeasures (TAC)


Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.

Education & Certifications

GIAC Certified Penetration Tester (GPEN)

Professional Affiliations

Board Member for Secure Chicago, LLC

Passion for Security

Ben has dedicated himself to the security industry for the past 15 years. He speaks at several conferences a year across the US and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved. Ben has released open source tools, including The PoshSec Framework, HoneyCreds, and Not PowerShell (nps), which are designed to help organizations refine their security posture.

Recent Blog Posts

The Art of Bypassing Kerberoast Detections with Orpheus

Back in May of 2018, I wrote a blog post detailing the steps I took to detect Kerberoast (T1558.003) attacks. This research allowed us to help organizations build a detection for when a threat actor requests the Kerberos ticket for accounts with a service principal name established. In this blog post, I am going to...

The Art of Detecting Kerberoast Attacks

As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light and would make a sound if the light beam...

New Tool Release: NPS_Payload

Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very reliable in allowing us to gain a shell on a host in...

Recent Webinars

Training Preview: Actionable Purple Teaming at Black Hat USA 2023

Get an exclusive sneak peek into TrustedSec’s upcoming training program at Black Hat USA 2023. Led by renowned instructor Ben Mauch, the course is designed to equip cybersecurity professionals with the latest techniques and tools for attacking and detecting...

Deception And Discovery: How Attackers Hide Backdoor Accounts (And How Defenders Find Them)

THIS WEBINAR WAS RECORDED ON JULY 7, 2021. Approaching an attack from all angles—conducting, detecting, and defending against them—can be a key element for strengthening the capabilities of security teams via Purple Team exercises and collaborative learning. However, finding practical...

Improving SIEM and MSSP Performance

Recorded on Wednesday, December 9, 2020. The goal of the Security Information and Event Management (SIEM), and the Security Operations Center (SOC) or Managed Security Service Provider (MSSP) that manage it, is to relay actionable intelligence that enables security teams to...

Want to work with Ben Mauch or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.