Hans Lakhan

Senior Security Consultant

Experience

With over a decade of industry experience, Hans Lakhan has worked in both offensive and defensive roles. Before switching to red teaming, he spent 5 years working as a technical Security Analyst for a Fortune 500 telecommunications company, specializing in networking, firewalls, vulnerability management, and VPNs.

Education & Certifications

B.S. Bio-Medical Information Systems, University of Minnesota Offensive Security Certified Professional (OSCP)

Professional Affiliations

Hans occasionally presents at various conferences (Blackhat, DerbyCon) and contributes to several open source projects.

Passion for Security

While Hans enjoys tackling complex security challenges, his true passion stems from tearing apart systems (physical, digital, process flows, and more), in which the goal is to identify weaknesses and present remediation solutions.

Recent Blog Posts

hans tracing cover image

Tracing DNS Queries on Your Windows DNS Server

By Hans Lakhan
In Penetration Testing, Security Testing & Analysis
During a recent engagement, I successfully deployed a wildcard Domain Name System (DNS) record in conjunction with Responder. Within minutes, a misconfigured host made a query for a non-existent DNS record and was poisoned into connecting to our Responder instance. Unfortunately, the account was privileged enough that domain compromise was achieved. The techniques and tools...
Read
cartoon cat

Enumerating Anti-Sandboxing Techniques

By Hans Lakhan
In Application Security Assessment, Malware Analysis, Penetration Testing, Security Testing & Analysis
Fighting/writing malware is very much a cat and mouse game. One of several techniques used by Anti-Virus/EDR solutions is to detonate payloads in a sandbox and watch what happens. To combat this, malware writers (and pentesters) have been including checks in their payloads to identify when running in a sandbox to evade detection. However, these...
Read
graphic of file folders emerging from computer screen

How to Set Up a Quick, Simple WebDAV Server for Remote File Sharing

By Hans Lakhan
In Application Security Assessment, Cloud Assessment, Penetration Testing, Security Testing & Analysis
Dropping payloads to disk is often risky, not only from an Operations Security (OPSEC) standpoint, but it’s also more likely to trigger AV. To avoid exposing ourselves to these risks, it’s often more desirable to reference a file from a remote location. One method of doing this is to make use of WebDAV, a service...
Read
View all posts from Hans

Recent Podcasts

TrustedSec Security Podcasts

Live From Vegas!

November 18, 2019

Pay the Ransoms

November 18, 2019

(For Workgroups) Ghidra, Citrix and Beto Oh My!

November 18, 2019

Want to work with Hans Lakhan or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us