EXPERIENCE
Kevin Haubris has 10+ years of experience in Information Security positions for the public and private sectors, focusing on both offensive and defensive security. During this time, he has concentrated mostly on software development, pen testing, adversarial emulation, and reverse engineering.
EDUCATION & CERTIFICATIONS
- Bachelor of Science, Computer and Network Security, Dakota State University
PASSION FOR SECURITY
Kevin has had a passion for security since college, when he started learning exploit development outside of class in his spare time. That started him off on a path to learning about additional complicated topics. Now he enjoys solving difficult problems, spending time in a disassembler, and loves learning how different binaries work.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
ELFLoader: Another In Memory Loader Post
Intro Now that BOFs are commonplace for Windows agents, some people have talked about wanting a non-Windows only version. In this blog post, we’ve got…
COFFLoader: Building your own in memory loader or how to run BOFs
Intro Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if…
SELinux and Auditd
In this blog post, I will discuss SELinux and Auditd, how to use them, how to determine what the default policies are doing, and how to add new ones. For those…
Linux: How's My Memory
Windows in-memory injection is commonplace in current toolsets, there are quite a few methods to do it, and most of them are documented pretty well. Linux…
Malware: Linux, Mac, Windows, Oh My!
While going through APT write-ups, I’ve been noticing a lot of focus on detecting Windows malware, so we will skip over that. One thing that I haven’t seen…
BEC Basics: Your First Step to Thwarting Email Scams
Attackers never stop evolving their business email compromise (BEC) tactics, leveraging phishing, credential harvesting, and email spoofing to infiltrate…
Actionable Purple Team Simulation Online Training (November 7-8)
Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our online course. Designed for those looking to improve their…
Ask Me Anything: Advanced Cloud Pen Testing Scenarios
Cloud Penetration Tests are a critical component of cloud security, but integrating other testing methods can take the assessment to the next level. Adding…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Security Noise - Episode 7.4
Who's On My Network?
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
