Christopher Paschen

Senior Research Analyst


Christopher has worked in Information Security in both the private and public sectors for more than 5 years. He has experience with managing Active Directory and network services for a small team and has developed products that are used across organizational boundaries to accomplish a variety of red team tasks.

Education & Certifications

  • Master of Science, Applied Computer Science, Dakota State University
  • Bachelor of Arts, Computer and Network Security, Dakota State University

Passion for Security

Christopher has always been interested in how computers worked. He started assembling his first system with birthday money when he was 13 years old and experimented with programming in high school. While pursuing his Information Security career in college, he led teams for CCDC and capture the flag (CTF) events in order to share his love for computer security with those around him. Currently, he enjoys experimenting with systems by challenging assumptions of what should and should not be possible.

Recent Blog Posts

A Developer’s Introduction to Beacon Object Files

With the release of Cobalt Strike 4.1, a new feature has been added that allows code to be run in a more OPSEC friendly manner. This is implemented through what has been termed Beacon Object Files (BOFs). In this post, I will outline some of the less obvious restrictions of BOFs and share my workflow...

Abusing Windows Telemetry for Persistence

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade. The process outlined here affects Windows machines from 2008R2/Windows 7 through 2019/Windows 10. As of this posting, this persistence technique requires local admin rights to install...

Avoiding Get-InjectedThread for Internal Thread Creation

Often, a malicious author wants to be able to load non-disk backed code into memory. This could include code that was decrypted and unpacked (a second stage providing more functionality) or plugins to existing running code. After this non-disk backed code is loaded via some mechanism, it can be called normally, or a thread can...
View all posts from Christopher

Recent Webinars

Using Research to Gain Attack Intelligence

Recorded on November 4, 2020 Many penetration tests are falling short It’s becoming commonplace for penetration testers to encounter maturing products that recognize common attack patterns or post-exploitation activities. Many go-to testing tools are becoming ineffective without code modification to...
View all webinars from Christopher

Want to work with Christopher Paschen or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us