Senior Research Analyst
Christopher has worked in Information Security in both the private and public sectors for more than 5 years. He has experience with managing Active Directory and network services for a small team and has developed products that are used across organizational boundaries to accomplish a variety of red team tasks.
Education & Certifications
Master of Science, Applied Computer Science, Dakota State University
Bachelor of Arts, Computer and Network Security, Dakota State University
Passion for Security
Christopher has always been interested in how computers worked. He started assembling his first system with birthday money when he was 13 years old and experimented with programming in high school. While pursuing his Information Security career in college, he led teams for CCDC and capture the flag (CTF) events in order to share his love for computer security with those around him. Currently, he enjoys experimenting with systems by challenging assumptions of what should and should not be possible.
Recent Blog Posts
With the release of Cobalt Strike 4.1, a new feature has been added that allows code to be run in a more OPSEC friendly manner. This is implemented through what has been termed Beacon Object Files (BOFs). In this post, I will outline some of the less obvious restrictions of BOFs and share my workflow...
Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10. As of this posting, this persistence technique requires local admin rights to install...
Often, a malicious author wants to be able to load non-disk backed code into memory. This could include code that was decrypted and unpacked (a second stage providing more functionality) or plugins to existing running code. After this non-disk backed code is loaded via some mechanism, it can be called normally, or a thread can...