Shop Our Merch
Report A Breach
1-877-550-4728
Ben Mauch
Managing Director, Tactical Awareness and Countermeasures (TAC)
Experience
Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.
Education & Certifications
GIAC Certified Penetration Tester (GPEN)
Professional Affiliations
Board Member for Secure Chicago, LLC
Passion for Security
Ben has dedicated himself to the security industry for the past 15 years. He speaks at several conferences a year across the US and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved. Ben has released open source tools including The PoshSec Framework, HoneyCreds, and Not PowerShell (nps) which are designed to help organizations refine their security posture.
Recent Blog Posts
The Art of Bypassing Kerberoast Detections with Orpheus
Back in May of 2018, I wrote a blog post detailing the steps I took to detect Kerberoast (T1558.003) attacks. This research allowed us to help organizations build a detection for when a threat actor requests the Kerberos ticket for accounts with a service principal name established. In this blog post, I am going to...
Read
The Art of Detecting Kerberoast Attacks
As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light and would make a sound if the light beam...
Read
New Tool Release: NPS_Payload
Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very reliable in allowing us to gain a shell on a host in...
Read
Recent Webinars
Training Preview: Actionable Purple Teaming at Black Hat USA 2023
Register Get an exclusive sneak peek into TrustedSec’s upcoming training program at Black Hat USA 2023. Led by renowned instructor Ben Mauch, the course is designed to equip cybersecurity professionals with the latest techniques and tools for attacking and detecting...
Deception And Discovery: How Attackers Hide Backdoor Accounts (And How Defenders Find Them)
THIS WEBINAR WAS RECORDED ON JULY 7, 2021. Approaching an attack from all angles—conducting, detecting, and defending against them—can be a key element for strengthening the capabilities of security teams via Purple Team exercises and collaborative learning. However, finding practical...
Improving SIEM and MSSP Performance
Recorded on Wednesday, December 9, 2020. The goal of the Security Information and Event Management (SIEM), and theSecurity Operations Center (SOC) or Managed Security Service Provider (MSSP) that manage it, is to relay actionable intelligence that enables security teams to...
Recent Podcasts
