Skip to Main Content

Hans Lakhan

Principal Security Consultant

EXPERIENCE
With over a decade of industry experience, Hans Lakhan has worked in both offensive and defensive roles. Before switching to red teaming, he spent 5 years working as a technical Security Analyst for a Fortune 500 telecommunications company, specializing in networking, firewalls, vulnerability management, and VPNs.

EDUCATION & CERTIFICATIONS

  • B.S. Bio-Medical Information Systems, University of Minnesota
  • Offensive Security Certified Professional (OSCP)

PROFESSIONAL AFFILIATIONS
Hans occasionally presents at various conferences (Blackhat, DerbyCon) and contributes to several open source projects.

PASSION FOR SECURITY
While Hans enjoys tackling complex security challenges, his true passion stems from tearing apart systems (physical, digital, process flows, and more), in which the goal is to identify weaknesses and present remediation solutions.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog January 25 2022

Recovering Randomly Generated Passwords

TL;DR - Use the following hashcat mask files when attempting to crack randomly generated passwords. 8 Character Passwordsmasks_8.hcmask9 Character…

Read about this article
Blog February 02 2021

Injecting Rogue DNS Records Using DHCP

During an Internal Penetration Test or Adversarial Attack Simulation (Red Team), TrustedSec will deploy a rogue, Linux-based networking device onto a client's…

Read about this article
Blog September 23 2020

Azure Account Hijacking using mimikatz’s lsadump::setntlm

Not long ago, I was on an engagement where the client made use of a hybrid Office 365 environment. In their setup, authentication credentials were managed by…

Read about this article
Webinars June 17 2020

Password Recovery 101: Cracking More of Your List

Join VP of Consulting Services Martin Bos, as well as Senior Security Consultants Paul Burkeland and Hans Lakhan for this webinar and interactive walkthrough,…

Read about this article
Webinars December 18 2024

The Lost Underground

Join TrustedSec Principal Security Consultant Mike Felch for an eye-opening journey into the lost underground, where ingenuity, disobedience, and complexity…

Read about this article
Webinars December 04 2024

BEC Basics: Your First Step to Thwarting Email Scams

Join Senior Security Consultant Steven Erwin and Security Consultant Caroline Fenstermacher as they cover the basics of BEC analysis, providing participants…

Read about this article
Blog December 03 2024

Discovering a Deserialization Vulnerability in LINQPad

Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…

Read about this article
Blog November 21 2024

A 5-Minute Guide to HTTP Response Codes

If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…

Read about this article
Events TrustedSec HQ | November 20 2024

WiCyS Ransomware Panel & Networking Event

Join us for an insightful discussion with the Women in Cyber Security (WiCyS) Northeast Ohio Affiliate members!

Read about this article
Webinars November 20 2024

Navigating Compliance: FCI and CUI Requirements for Federal Contractors

TrustedSec Advisory Compliance Services Practice Lead Chris Camejo provides a comprehensive overview of the definition, scope, and protection requirements for…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.