EXPERIENCE
With over a decade of industry experience, Hans Lakhan has worked in both offensive and defensive roles. Before switching to red teaming, he spent 5 years working as a technical Security Analyst for a Fortune 500 telecommunications company, specializing in networking, firewalls, vulnerability management, and VPNs.
EDUCATION & CERTIFICATIONS
- B.S. Bio-Medical Information Systems, University of Minnesota
- Offensive Security Certified Professional (OSCP)
PROFESSIONAL AFFILIATIONS
Hans occasionally presents at various conferences (Blackhat, DerbyCon) and contributes to several open source projects.
PASSION FOR SECURITY
While Hans enjoys tackling complex security challenges, his true passion stems from tearing apart systems (physical, digital, process flows, and more), in which the goal is to identify weaknesses and present remediation solutions.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
Recovering Randomly Generated Passwords
TL;DR - Use the following hashcat mask files when attempting to crack randomly generated passwords. 8 Character Passwordsmasks_8.hcmask9 Character…
Injecting Rogue DNS Records Using DHCP
During an Internal Penetration Test or Adversarial Attack Simulation (Red Team), TrustedSec will deploy a rogue, Linux-based networking device onto a client's…
Azure Account Hijacking using mimikatz’s lsadump::setntlm
Not long ago, I was on an engagement where the client made use of a hybrid Office 365 environment. In their setup, authentication credentials were managed by…
Password Recovery 101: Cracking More of Your List
Join VP of Consulting Services Martin Bos, as well as Senior Security Consultants Paul Burkeland and Hans Lakhan for this webinar and interactive walkthrough,…
Actionable Purple Team Simulation Online Training (November 7-8)
Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our online course. Designed for those looking to improve their…
Ask Me Anything: Proactive Threat Hunting
As threat actors become more sophisticated, organizations' approaches to finding malicious activity must become more proactive and refined. Dive into the…
Black Hat USA Training - Applied Threat Hunting and Detection Engineering
Registration is now open for our Black Hat training on August 3-6, 2024
Lapse of Control: Applauding PCI SSC for FAQ 1572
I want to applaud the PCI Security Standards Council (PCI SSC) for FAQ 1572 published in March of 2024 for simply and effectively answering a question asked by…
ISC2 Cleveland Chapter Member Meeting July 2024
ISC2 Cleveland Chapter July MeetupCome join us for our monthly meetup! The ISC2 Cleveland Chapter is hosting an exciting in-person event for all cybersecurity…
Specula: A Red Team Chronicle
Microsoft Outlook is often used as the primary email client in corporate environments, making it a high-value target for threat actors. Any potential to…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
