Scot Berner

Senior Security Consultant

Experience

Scot has been involved in information security for nearly a decade, first getting his start remediating vulnerabilities for a large insurance organization. He was fortunate to be involved in defensive security for several years as an administrator, engineer, and analyst. He then transitioned to fully offensive security and has enjoyed demonstrating risk to organizations across nearly every vertical.

Education & Certifications

B.S. Management Computer Systems, University of Wisconsin – Whitewater OSCP

Industry Contributions

Scot has contributed to several open source projects and authored a couple as well. He also enjoys occasionally speaking at various security conferences.

Passion for Security

Scot enjoys seeing a solution to a difficult problem come to fruition in a unique way. He is driven by his curiosity to see how things work and to help clients achieve great security by leveraging secure configuration and informed personnel.

Recent Blog Posts

Practical OAuth Abuse for Offensive Operations – Part 1

By Scot Berner
In Application Security Assessment, Penetration Testing, Purple Team Adversarial Detection & Countermeasures, Red Team Adversarial Attack Simulation, Security Testing & Analysis
Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to...
Read

Creating Honey Credentials with LSA Secrets

By Scot Berner
In Application Security Assessment, Penetration Testing, Security Testing & Analysis
As an attacker, I frequently leverage LSASecrets to escalate privileges within the context of an ongoing compromise. Generally, the attack path is something like this: Gain Initial Foothold > Escalate to Limited User > Dump LSASecrets on Systems Where Credentials are Administrator A pretty slick way to identify targets to dump LSASecrets on is to...
Read

Buying Internal Domain Access Again

By Scot Berner
In Penetration Testing, Security Testing & Analysis
So, this post is inspired by some very interesting research done by @mubix that you can read about here, as well as this amazing post by Tim Medin here. After reading Mubix’s post, I was whipped into a frenzy and purchased several domains. I realize that these posts are both several years old, but this idea has...
Read
View all posts from Scot

Recent Podcasts

TrustedSec Security Podcasts

Its All Over People! – Your Wallet is Unahackable but I Have Your Password and More…

October 01, 2022

Is That CryptoMiner or a Utility? Wildcards for the Masses, Look-a-Likes, and More …

October 01, 2022

OWASP Top 10 2017, OSX Root Login Bypass, Uber Hacked, who are the shadow brokers, R…

October 01, 2022

Want to work with Scot Berner or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us