Senior Security Consultant
Scot has been involved in information security for nearly a decade, first getting his start remediating vulnerabilities for a large insurance organization. He was fortunate to be involved in defensive security for several years as an administrator, engineer, and analyst. He then transitioned to fully offensive security and has enjoyed demonstrating risk to organizations across nearly every vertical.
Education & Certifications
B.S. Management Computer Systems, University of Wisconsin – Whitewater OSCP
Scot has contributed to several open source projects and authored a couple as well. He also enjoys occasionally speaking at various security conferences.
Passion for Security
Scot enjoys seeing a solution to a difficult problem come to fruition in a unique way. He is driven by his curiosity to see how things work and to help clients achieve great security by leveraging secure configuration and informed personnel.
Recent Blog Posts
Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to...
As an attacker, I frequently leverage LSASecrets to escalate privileges within the context of an ongoing compromise. Generally, the attack path is something like this: Gain Initial Foothold > Escalate to Limited User > Dump LSASecrets on Systems Where Credentials are Administrator A pretty slick way to identify targets to dump LSASecrets on is to...
So, this post is inspired by some very interesting research done by @mubix that you can read about here, as well as this amazing post by Tim Medin here. After reading Mubix’s post, I was whipped into a frenzy and purchased several domains. I realize that these posts are both several years old, but this idea has...