EXPERIENCE
With over a decade of industry experience, Hans Lakhan has worked in both offensive and defensive roles. Before switching to red teaming, he spent 5 years working as a technical Security Analyst for a Fortune 500 telecommunications company, specializing in networking, firewalls, vulnerability management, and VPNs.
EDUCATION & CERTIFICATIONS
- B.S. Bio-Medical Information Systems, University of Minnesota
- Offensive Security Certified Professional (OSCP)
PROFESSIONAL AFFILIATIONS
Hans occasionally presents at various conferences (Blackhat, DerbyCon) and contributes to several open source projects.
PASSION FOR SECURITY
While Hans enjoys tackling complex security challenges, his true passion stems from tearing apart systems (physical, digital, process flows, and more), in which the goal is to identify weaknesses and present remediation solutions.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
Recovering Randomly Generated Passwords
TL;DR - Use the following hashcat mask files when attempting to crack randomly generated passwords. 8 Character Passwordsmasks_8.hcmask9 Character…
Injecting Rogue DNS Records Using DHCP
During an Internal Penetration Test or Adversarial Attack Simulation (Red Team), TrustedSec will deploy a rogue, Linux-based networking device onto a client's…
Azure Account Hijacking using mimikatz’s lsadump::setntlm
Not long ago, I was on an engagement where the client made use of a hybrid Office 365 environment. In their setup, authentication credentials were managed by…
Password Recovery 101: Cracking More of Your List
Join VP of Consulting Services Martin Bos, as well as Senior Security Consultants Paul Burkeland and Hans Lakhan for this webinar and interactive walkthrough,…
The Lost Underground
Join TrustedSec Principal Security Consultant Mike Felch for an eye-opening journey into the lost underground, where ingenuity, disobedience, and complexity…
Security Noise - Episode 7.7
Amazing Stories in InfoSec
On-Demand BOF
From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, CS-Remote-OPs-BOF, and numerous blogs on BOFs, we are excited to release our first…
BEC Basics: Your First Step to Thwarting Email Scams
Join Senior Security Consultant Steven Erwin and Security Consultant Caroline Fenstermacher as they cover the basics of BEC analysis, providing participants…
Discovering a Deserialization Vulnerability in LINQPad
Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…
A 5-Minute Guide to HTTP Response Codes
If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
