Jean-Francois Maes

Senior Security Consultant


Jean-François Maes is a senior security consultant with over 4 years of experience in offensive security.

Jean-François specializes in conducting advanced attack simulations for a range of sectors including large financial organizations and critical national infrastructure. With a focus on Red and Purple Teaming, Jean-François has completed numerous assessments aimed at identifying attack paths that adversaries could use to compromise critical assets and helping to secure customer environments against real-world threats.

Education & Certifications

  • GIAC Penetration Tester (GPEN)
  • Offensive Security Certified Professional (,OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Red Team Operator (CRTO)
  • PentesterAcademy Certified Red Team Professional (CRTP)
  • PentesterAcademy Certified Red Team Expert (CRTE)
  • PentesterAcademy Certified Enterprise Security Specialist (PACES)
  • PentesterAcademy Cloud Security Professional (PaCSP)

Professional Affiliations


Industry Contributions

Jean-François is a strong believer of knowledge sharing to make the (cyber) world a safer place. During both free and professional time, Jean-François has published numerous offensive tradecraft tools on GitHub and presented on numerous conferences such as DEFCON, Hack In The Box, BruCON, the list continues.

In addition to his consulting work for TrustedSec, Jean-François is also a SANS instructor and co-author of the SANS SEC699 and SANS SEC 565 courses.

Passion for Security

Jean-François’ passion for security began at a young age when he was introduced to technology in the form of a classic GameBoy. He had to know how it worked.

Jean-François’ curiosity of learning how specific technology works from the inside has given him a better understanding in how that same technology could potentially be exploited. His hunger for knowledge, and his curiosity knows no limit. Jean-François continues to pick up new tricks from his fellow peers, and passes his own knowledge down to the next generation of cybersecurity experts.

Recent Blog Posts

Expanding the Hound: Introducing Plaintext Field to Compromised Accounts

Introduction When doing an Internal Penetration Test, it is not uncommon to run BloodHound at one point or another. In case you are not familiar with BloodHound, it’s a tool that automatically fires off a bunch of LDAP queries and Windows API calls to collect various data in an Active Directory environment. Data can range...

I’m bringing relaying back: A comprehensive guide on relaying anno 2022

For years now, Internal Penetration Testing teams have been successful in obtaining a foothold or even compromising entire domains through a technique called NTLM relaying. The earliest, most descriptive relaying blog post I could find dates all the way back to 2017 written by Marcello, better known as byt3bl33d3r: At the time of writing this...
View all posts from Jean-Francois
TrustedSec icon

Want to work with Jean-Francois Maes or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us