Shop Our Merch
Report A Breach
1-877-550-4728
Ben Mauch
Managing Director, Tactical Awareness and Countermeasures (TAC)
Experience
Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.
Education & Certifications
GIAC Certified Penetration Tester (GPEN)
Professional Affiliations
Board Member for Secure Chicago, LLC
Passion for Security
Ben has dedicated himself to the security industry for the past 15 years. He speaks at several conferences a year across the US and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved. Ben has released open source tools including The PoshSec Framework, HoneyCreds, and Not PowerShell (nps) which are designed to help organizations refine their security posture.
Recent Blog Posts
The Art of Bypassing Kerberoast Detections with Orpheus
Back in May of 2018, I wrote a blog post detailing the steps I took to detect Kerberoast (T1558.003) attacks. This research allowed us to help organizations build a detection for when a threat actor requests the Kerberos ticket for accounts with a service principal name established. In this blog post, I am going to...
Read
The Art of Detecting Kerberoast Attacks
As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light and would make a sound if the light beam...
Read
New Tool Release: NPS_Payload
Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very reliable in allowing us to gain a shell on a host in...
Read
Recent Webinars
Deception And Discovery: How Attackers Hide Backdoor Accounts (And How Defenders Find Them)
THIS WEBINAR WAS RECORDED ON JULY 7, 2021. Approaching an attack from all angles—conducting, detecting, and defending against them—can be a key element for strengthening the capabilities of security teams via Purple Team exercises and collaborative learning. However, finding practical...
Improving SIEM and MSSP Performance
Recorded on Wednesday, December 9, 2020. The goal of the Security Information and Event Management (SIEM), and theSecurity Operations Center (SOC) or Managed Security Service Provider (MSSP) that manage it, is to relay actionable intelligence that enables security teams to...
Going Purple: Measurably improving your security posture with Purple Team engagements
Recorded August 21, 2019 at 1 P.M. EST Adversaries continue to morph tactics and identify new ways of attacking organizations. Whether emulating a perimeter breach or the more popular phishing attack on the user population, it has never been more...
Recent Podcasts
Why It Matters Where You Put Your Luggage in Vegas
December 03, 2022
