Skip to Main Content

Justin Elze

CTO, Director of Research

EXPERIENCE
Justin Elze is currently serving as Chief Technology Officer at TrustedSec. Over his 8 years with the company as an InfoSec expert, Justin has used his vast expertise in enterprise penetration testing, network security, social engineering, and red teaming to identify clients’ vulnerabilities and ultimately, protect their technology infrastructure. Prior to becoming CTO, Justin held the roles of Director of Innovation, Research, and Advanced Testing and Principal Security Consultant for TrustedSec.

With more than a decade of experience in the IT industry, Justin’s expertise is increasingly sought out by others in the field. He has taught at Black Hat and spoken at DerbyCon, where he also served on the CFP Review Board, and is also featured as an industry leader in the published books Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World and Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity.

Prior to joining TrustedSec, Justin was a Senior Penetration Tester for Accuvant LABS, Optiv, Dell SecureWorks, and Redspin, where he led numerous red team engagements and penetration tests. He has worked across a variety of industries, including roles for ISPs, hosting companies, Department of Defense contracting companies, and consulting companies. Today, he leans on what he learned throughout his roles in various capacities to inform his choices as CTO and further his thought leadership in the industry.

Outside of his work experience and “ethical hacker” persona, Justin is passionate about building, tuning, and racing cars (and, yes, occasionally hacking them) and spending time with his 3 dogs. You can find his latest musings—security-related and otherwise—on his Twitter account, @HackingLZ.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog May 18 2023

Walking the Tightrope: Maximizing Information Gathering while Avoiding Detection for Red Teams

Analyze the balance between gaining useful information and avoiding detection, detailing recon techniques that can be employed without compromising stealth.…

Read about this article
Blog March 17 2023

Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

Threat Overview Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire…

Read about this article
Webinars March 15 2023

Ask Me Anything: Penetration Testing Innovations and Insights

Join David Kennedy, Founder & Chief Hacking Officer, and Justin Elze, CTO & Director of Research, for a live webinar in which they’ll answer your questions…

Read about this article
Webinars December 14 2021

Log4j: Live Update Webcast

During the webcast, we will be joined by David Kennedy, TrustedSec CEO & Binary Defense CTO, Randy Pargman, Binary Defense Vice President of Threat Hunting &…

Read about this article
Blog December 19 2024

Malware Series: Process Injection Mapped Sections

We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a…

Read about this article
Blog December 17 2024

Top 10 Blogs of 2024

At TrustedSec, we are all about leveraging our collective intelligence and knowledge to uplift the cybersecurity community. One of our most popular educational…

Read about this article
Blog December 05 2024

On-Demand BOF

From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, CS-Remote-OPs-BOF, and numerous blogs on BOFs, we are excited to release our first…

Read about this article
Blog December 03 2024

Discovering a Deserialization Vulnerability in LINQPad

Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…

Read about this article
Blog November 21 2024

A 5-Minute Guide to HTTP Response Codes

If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…

Read about this article
Blog November 14 2024

Attacking JWT with Self-Signed Claims

JSON Web Tokens (JWTs) are a widely used format for applications and APIs to pass authorization information. These tokens often use a JSON Web Signature (JWS)…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.