Scot Berner

Senior Security Consultant


Scot has been involved in information security for nearly a decade, first getting his start remediating vulnerabilities for a large insurance organization. He was fortunate to be involved in defensive security for several years as an administrator, engineer, and analyst. He then transitioned to fully offensive security and has enjoyed demonstrating risk to organizations across nearly every vertical.

Education & Certifications

  • B.S. Management Computer Systems, University of Wisconsin – Whitewater
  • Offensive Security Certified Professional (OSCP)

Industry Contributions

Scot has contributed to several open source projects and authored a couple as well. He also enjoys occasionally speaking at various security conferences.

Passion for Security

Scot enjoys seeing a solution to a difficult problem come to fruition in a unique way. He is driven by his curiosity to see how things work and to help clients achieve great security by leveraging secure configuration and informed personnel.

Recent Blog Posts

Practical OAuth Abuse for Offensive Operations – Part 1

Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to...

Creating Honey Credentials with LSA Secrets

As an attacker, I frequently leverage LSASecrets to escalate privileges within the context of an ongoing compromise. Generally, the attack path is something like this: Gain Initial Foothold > Escalate to Limited User > Dump LSASecrets on Systems Where Credentials are Administrator A pretty slick way to identify targets to dump LSASecrets on is to...

Buying Internal Domain Access Again

So, this post is inspired by some very interesting research done by @mubix that you can read about here, as well as this amazing post by Tim Medin here. After reading Mubix’s post, I was whipped into a frenzy and purchased several domains. I realize that these posts are both several years old, but this idea has...
View all posts from Scot

Want to work with Scot Berner or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us